Guardado en:
Detalles Bibliográficos
Autores principales: Löw, Jakob, Vasu, Vishwa, Hutzelmann, Thomas, Hof, Hans-Joachim
Formato: Preprint
Publicado: 2025
Materias:
Acceso en línea:https://arxiv.org/abs/2512.15966
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
_version_ 1866910244147298304
author Löw, Jakob
Vasu, Vishwa
Hutzelmann, Thomas
Hof, Hans-Joachim
author_facet Löw, Jakob
Vasu, Vishwa
Hutzelmann, Thomas
Hof, Hans-Joachim
contents ISO 15118, the leading standard for DC fast charging in Europe, includes a plug-and-charge mechanism that allows electric vehicles to handle payment automatically via contract certificates. We present a novel relay attack against this mechanism: an attacker builds a fake charging station, plugs it into a victim's vehicle, and relays the cryptographic authentication to a real charging station - charging the attacker's vehicle while billing the victim. The attack exploits the absence of station-identifying information in the plug-and-charge signature, combined with weaknesses in how ISO 15118 handles TLS certificates. We provide a proof-of-concept implementation demonstrating the full attack chain and discuss possible mitigations and alternatives. As plug-and-charge adoption grows, addressing this vulnerability is critical before it becomes widely exploitable.
format Preprint
id arxiv_https___arxiv_org_abs_2512_15966
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Charge It to My Neighbor: A Relay Attack on ISO 15118 Plug and Charge Payment
Löw, Jakob
Vasu, Vishwa
Hutzelmann, Thomas
Hof, Hans-Joachim
Cryptography and Security
ISO 15118, the leading standard for DC fast charging in Europe, includes a plug-and-charge mechanism that allows electric vehicles to handle payment automatically via contract certificates. We present a novel relay attack against this mechanism: an attacker builds a fake charging station, plugs it into a victim's vehicle, and relays the cryptographic authentication to a real charging station - charging the attacker's vehicle while billing the victim. The attack exploits the absence of station-identifying information in the plug-and-charge signature, combined with weaknesses in how ISO 15118 handles TLS certificates. We provide a proof-of-concept implementation demonstrating the full attack chain and discuss possible mitigations and alternatives. As plug-and-charge adoption grows, addressing this vulnerability is critical before it becomes widely exploitable.
title Charge It to My Neighbor: A Relay Attack on ISO 15118 Plug and Charge Payment
topic Cryptography and Security
url https://arxiv.org/abs/2512.15966