ISO 15118 Security Vulnerabilities

Comprehensive analysis of security vulnerabilities in the ISO 15118 Vehicle-to-Grid communication protocol

Security Analysis Overview

ISO 15118 is a complex protocol that enables advanced communication between electric vehicles and charging infrastructure. While it provides significant benefits like Plug & Charge functionality and bidirectional power transfer, its complexity introduces several security challenges. This analysis examines the key vulnerabilities in the ISO 15118 protocol, their potential impact, and recommended mitigation strategies.

Security Architecture Overview

ISO 15118 relies on a Public Key Infrastructure (PKI) for security, using digital certificates and TLS for secure communication. The security architecture includes:

  • TLS Communication: Secure channel between the Electric Vehicle Communication Controller (EVCC) and Supply Equipment Communication Controller (SECC)
  • Certificate-Based Authentication: Contract certificates for Plug & Charge functionality
  • XML Digital Signatures: Message integrity and authenticity verification
  • Certificate Provisioning: Process for installing contract certificates in vehicles

Despite this robust security architecture, several vulnerabilities have been identified that could compromise the security of ISO 15118 implementations if not properly addressed.

Severity Classification

Vulnerabilities are classified according to their potential impact and exploitation difficulty:

Severity   Description
Critical   Vulnerabilities that can lead to complete system compromise, unauthorized charging, or financial fraud
High       Vulnerabilities that can significantly impact security but may require specific conditions or access
Medium     Vulnerabilities that pose moderate risk and may be mitigated by other security controls
Low        Vulnerabilities that pose minimal risk but should still be addressed

Key Vulnerabilities

ISO-V-001: Certificate Chain Validation Bypass
Critical

Improper validation of the certificate chain can allow attackers to use forged certificates for authentication, potentially enabling unauthorized charging sessions.

Components: PKI, EVCC, SECC
Versions: ISO 15118-2, ISO 15118-20 (partially mitigated)

Attack Vectors

  • An attacker could create a malicious certificate that appears valid but is not properly chained to a trusted root
  • Implementation flaws in certificate validation logic can lead to acceptance of invalid certificates
  • Lack of proper revocation checking can allow use of compromised certificates

Technical Details

Some implementations fail to validate the entire certificate chain back to the V2G Root CA held in their own trust store. Typical causes are incomplete path validation (stopping at the first self-signed certificate found in the presented chain instead of at a locally trusted root, or not checking issuer/subject linkage, basicConstraints and pathLenConstraint), no revocation checking, and lax handling of critical extensions. In ISO 15118-2 both sides are affected: the SECC, or the backend it forwards the contract certificate to, validates the contract certificate chain sent in PaymentDetailsReq, and the EVCC validates the SECC's TLS certificate chain and the provisioning service's chain carried in CertificateInstallationRes.

Impact

Unauthorized access to charging services, potential for financial fraud, and compromise of the Plug & Charge authentication system.

Mitigation

Implement strict certificate chain validation according to RFC 5280: build the path from the leaf to a root that is present in the local trust store (never trust a self-signed certificate merely because the peer included it in the chain), verify every signature along the path, check validity periods, basicConstraints, pathLenConstraint and key usage, reject critical extensions the implementation does not understand, and check revocation status via OCSP or CRL. Test the validator against negative cases (self-signed leaf, leaf used as a CA, rogue root carrying the expected name, expired or revoked intermediate), not only against the happy path.

References

  • CVE-2021-27513
  • ISO 15118-2:2014 Section 8.2.3
  • RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
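
The path-validation logic the mitigation describes, written out as an added example (not code from this page or from any ISO 15118 stack); the same routine is what the EVCC needs for the provisioning-service chain in CertificateInstallationRes. To run without an X.509 library it uses a constructed certificate record and an HMAC in place of ECDSA, and the demo PKI, subject names and key bytes are all made up for the example:

```python
"""Strict chain validation for a 15118-style PKI (V2G Root CA -> Sub-CA -> leaf).

Constructed stand-in: a certificate is a small record and its signature is an
HMAC keyed by the issuer's key (verification key == signing key here); real code
verifies ECDSA over the DER TBSCertificate. The control flow is the point: every
cert in the path is checked, the key for the top of the presented chain comes
from the verifier's own trust store and never from the peer, and a non-CA
certificate can never act as an issuer.
"""
from __future__ import annotations
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Cert:
    subject: str
    issuer: str
    pubkey: bytes            # stands in for SubjectPublicKeyInfo
    is_ca: bool              # basicConstraints cA
    path_len: int | None     # pathLenConstraint, None = unlimited
    not_before: int
    not_after: int
    serial: int
    sig: bytes = b""


def tbs(c: Cert) -> bytes:
    """Bytes the issuer vouches for (the to-be-signed part)."""
    fields = (c.subject, c.issuer, c.pubkey.hex(), c.is_ca, c.path_len,
              c.not_before, c.not_after, c.serial)
    return "|".join(map(str, fields)).encode()


def issue(c: Cert, issuer_key: bytes) -> Cert:
    c.sig = hmac.new(issuer_key, tbs(c), hashlib.sha256).digest()
    return c


class ChainError(ValueError):
    pass


def validate_chain(chain, trust_anchors, now, revoked, max_intermediates=2):
    """chain: [leaf, sub-CA, ...] as presented by the peer (a root may be appended).
    trust_anchors: {subject: pubkey} held locally, i.e. the V2G Root CA(s).
    revoked: set of (issuer, serial) pairs from CRL/OCSP.
    Returns the leaf, or raises ChainError naming the first failed check."""
    if not chain:
        raise ChainError("empty chain")
    if sum(1 for c in chain[1:] if c.subject not in trust_anchors) > max_intermediates:
        raise ChainError("too many intermediate CAs")
    for i, cert in enumerate(chain):
        if not cert.not_before <= now <= cert.not_after:
            raise ChainError(f"{cert.subject}: outside validity period")
        if (cert.issuer, cert.serial) in revoked:
            raise ChainError(f"{cert.subject}: revoked")
        if i == 0 and cert.is_ca:
            raise ChainError("leaf must be an end-entity certificate")
        if i > 0 and not cert.is_ca:
            raise ChainError(f"{cert.subject}: issuer is not a CA")
        if i > 0 and cert.path_len is not None and cert.path_len < i - 1:
            raise ChainError(f"{cert.subject}: pathLenConstraint exceeded")
        if i + 1 < len(chain):
            if chain[i + 1].subject != cert.issuer:
                raise ChainError(f"{cert.subject}: issuer name mismatch")
            key = chain[i + 1].pubkey
        else:
            # Top of the presented chain: the issuer key must come from the local
            # trust store. A self-signed cert that merely looks like a root, or one
            # that reuses the root's name with a different key, fails here.
            key = trust_anchors.get(cert.issuer)
            if key is None:
                raise ChainError(f"{cert.subject}: not chained to a trusted V2G root")
        if not hmac.compare_digest(hmac.new(key, tbs(cert), hashlib.sha256).digest(), cert.sig):
            raise ChainError(f"{cert.subject}: bad signature")
    return chain[0]


def rejection(chain, trust_anchors, now, revoked=frozenset()):
    """None if the chain validates, otherwise the reason it was rejected."""
    try:
        validate_chain(chain, trust_anchors, now, revoked)
        return None
    except ChainError as e:
        return str(e)


# Constructed demo PKI; key bytes are placeholders, not real key material.
ROOT_KEY, SUB_KEY, LEAF_KEY = b"v2g-root-key", b"cpo-subca-key", b"contract-key"
ANCHORS = {"V2G Root CA": ROOT_KEY}
NOW = 1_700_000_000


def demo_chain():
    sub = issue(Cert("CPO Sub-CA", "V2G Root CA", SUB_KEY, True, 0, NOW - 100, NOW + 100, 2), ROOT_KEY)
    leaf = issue(Cert("DE8AAA1A2B3C4D5", "CPO Sub-CA", LEAF_KEY, False, None, NOW - 10, NOW + 10, 3), SUB_KEY)
    return [leaf, sub]


def demo_rogue_chain():
    """Attacker-made 'root' copying the real root's name; the leaf chains to it
    perfectly, but the self-signature fails against the locally stored root key."""
    rk = b"attacker-root-key"
    rogue = issue(Cert("V2G Root CA", "V2G Root CA", rk, True, None, NOW - 100, NOW + 100, 1), rk)
    leaf = issue(Cert("DE8AAA1A2B3C4D5", "V2G Root CA", LEAF_KEY, False, None, NOW - 10, NOW + 10, 9), rk)
    return [leaf, rogue]


def demo_leaf_as_issuer():
    """A contract certificate (cA=false) used to sign another contract certificate."""
    leaf, sub = demo_chain()
    forged = issue(Cert("DE8AAA9Z9Z9Z9Z9", leaf.subject, b"forged-key", False, None, NOW - 1, NOW + 1, 4), LEAF_KEY)
    return [forged, leaf, sub]
```

The three negative cases are the ones most often missed in practice: a rogue root that reuses the real root's name, a non-CA certificate used as an issuer, and a chain whose top is merely self-signed rather than locally trusted. With a real library the same shape comes from OpenSSL's X509_verify_cert with X509_V_FLAG_X509_STRICT and a store that contains only the V2G Root CA, or from Python's ssl module with VERIFY_X509_STRICT.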
ISO-V-002: TLS Downgrade Attack
High

Attackers can force the use of weaker TLS versions or cipher suites, potentially compromising the secure channel between EVCC and SECC.

Components: SECC, EVCC, Communication Layer
Versions: ISO 15118-2

Attack Vectors

  • Man-in-the-middle attacks during TLS handshake
  • Protocol manipulation to force fallback to weaker encryption
  • Implementation flaws in TLS version negotiation

Technical Details

ISO 15118-2:2014 mandates TLS 1.2 with ECDSA on secp256r1 and the AES-128-CBC-SHA256 cipher suites (TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 and its static-ECDH variant); ISO 15118-20 requires TLS 1.3. Some implementations nevertheless allow fallback to TLS 1.0 or 1.1, which have known vulnerabilities, or accept weak cipher suites that can be broken with sufficient computational resources. A related weakness is specific to the protocol: in ISO 15118-2, TLS is mandatory only when the contract certificate (Plug & Charge) payment option is used, and the EVCC's SDP request carries a security byte that selects TLS or no transport-layer security, so an SECC that still accepts plaintext V2GTP sessions can be pushed into one by whoever controls the EV side of the link.

Impact

Compromise of the secure communication channel, potentially leading to eavesdropping on sensitive data, message tampering, or session hijacking.

Mitigation

Enforce TLS 1.2 or higher with the mandated cipher suites only (TLS 1.3 for ISO 15118-20), disable TLS compression and renegotiation, refuse plaintext V2GTP sessions whenever contract-based payment is offered, implement version negotiation without silent fallback, and regularly update TLS libraries to address known vulnerabilities.

References

  • BEAST attack (CVE-2011-3389)
  • POODLE attack (CVE-2014-3566)
  • ISO 15118-2:2014 Section 8.4.2
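
A TLS policy for an SECC listener and an EVCC client written against Python's standard ssl module, as an added example (not code from this page or any 15118 stack), with an audit function that reports a context's policy violations. No certificate is loaded so it runs offline; a real listener calls load_cert_chain() with the SECC chain issued under the V2G Root CA. Standard-library names are real; the policy values, the cafile parameter and the legacy "before" context are assumptions made for the example:

```python
"""TLS policy for an ISO 15118-2 SECC listener plus an audit helper, using only
the standard ssl module. No certificate is loaded here so the code runs offline;
a real listener calls ctx.load_cert_chain() with the SECC certificate chain
issued under the V2G Root CA before ctx.wrap_socket().
"""
import ssl

# ISO 15118-2:2014 suite in OpenSSL naming. Its static-ECDH twin
# (ECDH-ECDSA-AES128-SHA256) was dropped from OpenSSL 1.1.0, so only the
# ephemeral suite is listed; TLS 1.3 suites are configured separately by OpenSSL.
ISO15118_2_SUITES = frozenset({"ECDHE-ECDSA-AES128-SHA256"})


def secc_tls_context() -> ssl.SSLContext:
    """Hardened SECC context: TLS 1.2 floor, suite allowlist, no compression/renegotiation."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2          # no TLS 1.0/1.1 fallback
    ctx.set_ciphers(":".join(sorted(ISO15118_2_SUITES)))  # TLS 1.2 allowlist
    ctx.options |= ssl.OP_NO_COMPRESSION                  # CRIME-style attacks
    ctx.options |= getattr(ssl, "OP_NO_RENEGOTIATION", 0)
    ctx.options |= getattr(ssl, "OP_CIPHER_SERVER_PREFERENCE", 0)  # SECC picks the suite
    # ISO 15118-2 TLS is server-authenticated only; the contract certificate is
    # sent later inside PaymentDetailsReq, not as a TLS client certificate.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def evcc_tls_context(v2g_root_pem=None) -> ssl.SSLContext:
    """EVCC side: must authenticate the SECC against the V2G Root CA only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(":".join(sorted(ISO15118_2_SUITES)))
    ctx.options |= ssl.OP_NO_COMPRESSION
    ctx.check_hostname = False          # 15118 peers have no DNS name; trust is the V2G root
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.verify_flags |= ssl.VERIFY_X509_STRICT
    if v2g_root_pem:                    # assumed: path to the V2G Root CA certificate
        ctx.load_verify_locations(cafile=v2g_root_pem)
    return ctx


def legacy_context() -> ssl.SSLContext:
    """The 'before' state: library defaults, i.e. whatever OpenSSL's DEFAULT list allows."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit(ctx: ssl.SSLContext, allowed=ISO15118_2_SUITES) -> list:
    """Policy violations for a context; an empty list means compliant."""
    findings = []
    if ctx.minimum_version in (ssl.TLSVersion.MINIMUM_SUPPORTED, ssl.TLSVersion.SSLv3,
                               ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1):
        findings.append(f"tls_floor:{ctx.minimum_version.name}")
    for c in ctx.get_ciphers():
        if c["protocol"] == "TLSv1.2" and c["name"] not in allowed:
            findings.append(f"weak_cipher:{c['name']}")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("compression_enabled")
    return findings
```

The audit is worth running in CI against the context the real code builds, because the downgrade paths the page describes usually come from a library default nobody touched rather than from a deliberate setting. Note that the TLS floor on its own does not close the protocol-level hole: the SECC must also refuse to answer an SDP request for a plaintext session when Plug & Charge is in use.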
ISO-V-003: Contract Certificate Installation Vulnerability
Critical

Vulnerabilities in the contract certificate installation process can allow unauthorized installation of malicious certificates.

Components: EVCC, MO (Mobility Operator), Certificate Provisioning
Versions: ISO 15118-2, ISO 15118-20 (improved but still vulnerable)

Attack Vectors

  • Man-in-the-middle attacks during certificate provisioning
  • Exploitation of weak authentication in the certificate installation process
  • Social engineering to trick users into installing malicious certificates

Technical Details

The installation flow (CertificateInstallationReq/Res) is keyed to the Provisioning Certificate Identifier (PCID) of the OEM provisioning certificate installed in the vehicle at manufacture. The PCID is an identifier, not a secret: the customer presents it to the mobility operator when the contract is set up, and it lets the provisioning service look up the vehicle's OEM provisioning certificate. The security of the flow therefore rests on three things: the EVCC verifying the provisioning service's signature on CertificateInstallationRes up to the V2G Root CA, the contract private key being delivered encrypted to the OEM provisioning public key (an ECDH-derived key, so only the vehicle holding the matching private key can recover it), and the binding between a PCID and a customer account being established over an authenticated channel. Implementations that skip the response-signature check, accept any root, or bind a PCID to an account on an unauthenticated request lose those guarantees, and because the flow has no in-vehicle confirmation step, an accepted response installs a contract silently.

Impact

Installation of fraudulent contract certificates, enabling unauthorized charging sessions and financial fraud.

Mitigation

Treat the PCID as an identifier that must be bound to a customer account through an authenticated enrolment process (not as a secret whose confidentiality protects the flow), verify the provisioning service's signature on CertificateInstallationRes against the V2G Root CA before installing anything, keep the OEM provisioning private key in hardware-backed storage, and add an in-vehicle confirmation, or at least a visible notification, when a new contract certificate is installed.

References

  • ISO 15118-2:2014 Section 8.3.4
  • Hubject Security Research 2019
ISO-V-004: XML Signature Wrapping Attack
High

XML Signature Wrapping (XSW) attacks can be used to manipulate signed XML messages while preserving valid signatures.

Components: SECC, EVCC, Message Processing
Versions: ISO 15118-2, ISO 15118-20 (partially mitigated)

Attack Vectors

  • Injection of malicious content into signed XML messages
  • Exploitation of XML parser behavior differences
  • Manipulation of XML references and namespaces

Technical Details

ISO 15118 uses XML signatures to ensure message integrity and authenticity: in ISO 15118-2 the Signature element sits in the message header, each Reference points at a body element by its Id attribute, the DigestValue is computed over the EXI encoding of that element, and SignedInfo is signed with ECDSA (secp256r1, SHA-256). The wrapping problem arises when the verifier and the application disagree about which element a Reference means. A verifier that resolves the Id anywhere in the document will happily find the original, untouched signed element after an attacker has moved it into a position the application never reads (a wrapper in the header, for example) and placed an unsigned replacement where the application does look. The signature and digest still verify, yet the data acted upon was never signed. Verification that does not tie the processed content to the digested node, tolerates duplicate Ids, or accepts elements the schema does not allow is exposed to this.

Impact

Message tampering, potential for unauthorized charging, manipulation of charging parameters, or denial of service.

Mitigation

Validate the message against the schema before signature verification, resolve each Reference to exactly one element (reject duplicate Ids), canonicalize exactly as the signer did, and, most importantly, process only the element object that was actually digested rather than re-locating the body by path after verification. Signing over the EXI-encoded fragment as the standard specifies leaves no room for wrapper elements the schema does not allow, provided schema-invalid messages are rejected.

References

  • XML Signature Wrapping Attacks (McIntosh and Austel, 2005)
  • ISO 15118-2:2014 Section 8.4.3
  • W3C XML Signature Best Practices
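
The wrapping attack reproduced against a simplified V2G_Message, as an added example (not code from this page or any 15118 stack): a naive verifier that resolves the Reference by Id anywhere in the document, the application code that reads the body by path, and a strict verifier that only processes the node it digested. Assumptions for the example: no namespaces, C14N 2.0 from the standard library instead of exclusive C14N over EXI, an HMAC instead of the ECDSA signature, and constructed message content.

```python
"""XML Signature Wrapping against a simplified V2G_Message, with a naive and a
strict verifier. Simplifications (all assumptions): no namespaces, C14N 2.0 from
the standard library in place of exclusive C14N, an HMAC in place of the ECDSA
signature ISO 15118-2 puts over SignedInfo, and digests over XML text rather
than over the EXI encoding the standard uses.
"""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SIGNING_KEY = b"constructed-contract-key"   # stands in for the contract certificate key pair


def c14n(elem: ET.Element) -> str:
    return ET.canonicalize(ET.tostring(elem, encoding="unicode"))


def digest(elem: ET.Element) -> str:
    return base64.b64encode(hashlib.sha256(c14n(elem).encode()).digest()).decode()


def build_signed_message(challenge: str) -> ET.Element:
    """EVCC side: sign the AuthorizationReq body element (Id='ID1') from the header."""
    root = ET.Element("V2G_Message")
    header = ET.SubElement(root, "Header")
    ET.SubElement(header, "SessionID").text = "0102030405060708"
    body = ET.SubElement(root, "Body")
    req = ET.SubElement(body, "AuthorizationReq", Id="ID1")
    ET.SubElement(req, "GenChallenge").text = challenge
    sig = ET.SubElement(header, "Signature")
    info = ET.SubElement(sig, "SignedInfo")
    ref = ET.SubElement(info, "Reference", URI="#ID1")
    ET.SubElement(ref, "DigestValue").text = digest(req)
    mac = hmac.new(SIGNING_KEY, c14n(info).encode(), hashlib.sha256).digest()
    ET.SubElement(sig, "SignatureValue").text = base64.b64encode(mac).decode()
    return root


def signature_ok(root):
    """Check SignatureValue over SignedInfo; return (ok, referenced Id)."""
    sig = root.find("Header/Signature")
    info = sig.find("SignedInfo")
    expected = hmac.new(SIGNING_KEY, c14n(info).encode(), hashlib.sha256).digest()
    given = base64.b64decode(sig.findtext("SignatureValue"))
    return hmac.compare_digest(expected, given), info.find("Reference").get("URI")[1:]


def verify_naive(root) -> bool:
    """Vulnerable: resolves the Reference by Id *anywhere* in the document."""
    ok, ref_id = signature_ok(root)
    target = root.find(f".//*[@Id='{ref_id}']")          # first match in document order
    stored = root.findtext("Header/Signature/SignedInfo/Reference/DigestValue")
    return ok and target is not None and digest(target) == stored


def process_naive(root) -> str:
    """Application logic after verify_naive(): reads the body element by path."""
    return root.find("Body/AuthorizationReq/GenChallenge").text


def verify_strict(root) -> ET.Element:
    """Hardened: the element that gets processed *is* the element that was digested."""
    ok, ref_id = signature_ok(root)
    if not ok:
        raise ValueError("bad signature")
    body = root.find("Body")
    if len(body) != 1 or body[0].tag != "AuthorizationReq":
        raise ValueError("unexpected body structure")
    with_id = [e for e in root.iter() if e.get("Id") == ref_id]
    if len(with_id) != 1 or with_id[0] is not body[0]:
        raise ValueError("signed element is not the body element")
    if digest(body[0]) != root.findtext("Header/Signature/SignedInfo/Reference/DigestValue"):
        raise ValueError("digest mismatch")
    return body[0]


def strict_rejects(root) -> bool:
    try:
        verify_strict(root)
        return False
    except ValueError:
        return True


def wrap(root, evil_challenge: str) -> ET.Element:
    """Attacker: keep the signed original (so digest and signature still verify) but
    move it into the header and put a fresh element where the application looks."""
    body = root.find("Body")
    original = body[0]
    body.remove(original)
    ET.SubElement(root.find("Header"), "Wrapper").append(original)
    evil = ET.SubElement(body, "AuthorizationReq", Id="ID1")
    ET.SubElement(evil, "GenChallenge").text = evil_challenge
    return root
```

The naive pair verify_naive/process_naive is the pattern to look for in a review: verification and processing each locate "the" body element independently, and the attacker only needs the two lookups to disagree. verify_strict returns the verified node and the application must use that return value and nothing else.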
ISO-V-005: Privacy Leakage via Contract Certificates
Medium

Contract certificates contain identifiers that can be used to track users across charging sessions and locations.

Components: EVCC, SECC, Contract Certificates
Versions: ISO 15118-2, ISO 15118-20

Attack Vectors

  • Collection and correlation of contract certificate data
  • Unauthorized access to charging session logs
  • Network traffic analysis

Technical Details

Contract certificates carry the e-mobility account identifier (EMAID), which uniquely identifies the user's charging contract, as the subject common name, and the EVCC also sends the EMAID explicitly in PaymentDetailsReq. The identifier is stable for the life of the contract and is presented at every Plug & Charge session, so every SECC, charge point operator and intermediary that handles it can link a vehicle's charging behavior across locations and times. With TLS in place the EMAID is not visible to a passive observer on the charging cable (it travels inside the TLS channel, not in the handshake), but it is visible to every operator and backend in the authorization path and ends up in their logs.

Impact

User privacy violation, potential for tracking and profiling of EV users, compliance issues with privacy regulations like GDPR.

Mitigation

Implement privacy-preserving authentication mechanisms, such as anonymous credentials or attribute-based authentication. Minimize data collection and implement proper data protection measures.

References

  • ISO 15118-2:2014 Section 8.3.3
  • GDPR Article 5 - Principles relating to processing of personal data
  • Privacy in Vehicle-to-Grid Interactions (Höfer et al., 2013)
ISO-V-006: Denial of Service via Certificate Flooding
Medium

Attackers can cause denial of service by overwhelming the SECC with invalid certificates that require resource-intensive validation.

Components: SECC, Certificate Validation
Versions: ISO 15118-2, ISO 15118-20

Attack Vectors

  • Sending multiple invalid certificates in rapid succession
  • Crafting certificates that trigger worst-case validation paths
  • Exploiting lack of rate limiting in certificate processing

Technical Details

Certificate validation is computationally expensive, especially when revocation status is checked via OCSP or CRLs over a backend link. An attacker with physical access to the charging cable (there is no network perimeter in front of the SECC) can send a stream of invalid certificates or chains, forcing the SECC to perform signature verification and revocation lookups for each of them until its resources, or the backend's, are exhausted.

Impact

Denial of service for legitimate charging sessions, potential system crashes, or degraded performance of charging infrastructure.

Mitigation

Apply cheap structural checks (chain length, total size) before any cryptographic work, rate-limit validation attempts per peer, remember rejected chains so a replayed one is refused without re-validation, and bound the memory and time any single validation may consume.

References

  • ISO 15118-2:2014 Section 8.2.3
  • DoS Attacks on PKI (Boneh and Shoup, 2020)
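
An admission-control layer in front of the expensive validation, as an added example (not code from this page or any 15118 stack): structural limits and a per-peer token bucket run first, and rejected chains are remembered by fingerprint. The validator, clock and traffic are constructed stand-ins; the peer key would be the EV's MAC address or TLS connection in a real SECC.

```python
"""Admission control in front of certificate-chain validation on an SECC.
Cheap structural checks and a per-peer token bucket run before any signature
or OCSP work, and rejected chains are remembered by fingerprint so a replayed
bad chain costs a hash lookup instead of another full validation. The peer key
(a string here) would be the EV's MAC address or the TLS connection in practice.
"""
import hashlib
from collections import OrderedDict


class ValidationGate:
    def __init__(self, validate, clock, rate=1.0, burst=3, max_certs=4,
                 max_bytes=16_384, neg_cache=256, neg_ttl=600.0):
        self.validate = validate             # expensive callable(chain) -> bool
        self.clock = clock                   # callable returning seconds
        self.rate, self.burst = rate, burst  # validations per second, burst size
        self.max_certs, self.max_bytes = max_certs, max_bytes
        self.buckets = {}                    # peer -> (tokens, last_refill)
        self.negative = OrderedDict()        # chain fingerprint -> expiry
        self.neg_cap, self.neg_ttl = neg_cache, neg_ttl
        self.expensive_calls = 0             # for the demo: how often validate() ran

    def _take_token(self, peer) -> bool:
        now = self.clock()
        tokens, last = self.buckets.get(peer, (float(self.burst), now))
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        self.buckets[peer] = (tokens - 1.0 if allowed else tokens, now)
        return allowed

    @staticmethod
    def _fingerprint(chain) -> str:
        h = hashlib.sha256()
        for der in chain:
            h.update(len(der).to_bytes(4, "big"))
            h.update(der)
        return h.hexdigest()

    def admit(self, peer: str, chain: list) -> str:
        """'accepted' or 'reject:<reason>'; validate() runs only on the last path."""
        if not 1 <= len(chain) <= self.max_certs:
            return "reject:chain_length"
        if sum(len(c) for c in chain) > self.max_bytes:
            return "reject:chain_size"
        now = self.clock()
        fp = self._fingerprint(chain)
        if self.negative.get(fp, 0.0) > now:
            return "reject:known_bad"
        if not self._take_token(peer):
            return "reject:rate_limited"
        self.expensive_calls += 1
        if self.validate(chain):
            return "accepted"
        self.negative[fp] = now + self.neg_ttl
        while len(self.negative) > self.neg_cap:
            self.negative.popitem(last=False)
        return "reject:invalid"


class FakeClock:
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


def demo():
    """Constructed traffic: one EV floods distinct bad chains, replays one, then a
    second EV presents a good chain. Validation is faked by prefix for the demo."""
    clock = FakeClock()
    gate = ValidationGate(lambda chain: chain[0].startswith(b"GOOD"), clock)
    bad = [b"BAD-contract-cert-%d" % i for i in range(8)]
    flood = [gate.admit("ev-a", [c, b"SUBCA"]) for c in bad]   # 8 chains at t=0
    replay = gate.admit("ev-a", [bad[0], b"SUBCA"])           # seen and rejected before
    clock.t += 1.0                                            # one token refilled
    later = gate.admit("ev-a", [b"BAD-contract-cert-x", b"SUBCA"])
    good = gate.admit("ev-b", [b"GOOD-contract-cert", b"SUBCA"])
    return flood, replay, later, good, gate.expensive_calls
```

In the demo the flooding peer gets three full validations and is then throttled, the replayed chain is refused from the negative cache before the rate limiter is even consulted, and the second peer is unaffected. The numbers (burst 3, one validation per second, 600-second negative TTL) are placeholders to tune against real session setup rates.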
ISO-V-007: Insecure Storage of Private Keys
Critical

Inadequate protection of private keys in the EVCC can lead to key extraction and impersonation attacks.

Components: EVCC, Key Management
Versions: ISO 15118-2, ISO 15118-20

Attack Vectors

  • Physical access to the vehicle's communication module
  • Exploitation of software vulnerabilities to access key storage
  • Side-channel attacks against cryptographic operations

Technical Details

The private keys held by the EVCC (the OEM provisioning key and the contract private key delivered during certificate installation) and by the SECC (its TLS server key) must be protected from extraction. Many implementations store them as files on the controller's general-purpose file system or hold them in plaintext in process memory, where firmware extraction, a vulnerability in the communication stack, or a side channel against the signing operation will expose them.

Impact

Extraction of private keys would allow an attacker to impersonate the vehicle, potentially enabling unauthorized charging sessions and financial fraud.

Mitigation

Keep keys in a hardware security module, secure element or TPM so that signing happens inside the device and the private key never leaves it, implement secure boot and code signing for the controller firmware, and use memory protection mechanisms so that the communication stack never needs, and cannot read, the raw key material.

References

  • ISO 15118-2:2014 Section 8.3.2
  • FIPS 140-2 Security Requirements for Cryptographic Modules
  • Side-Channel Attacks on Automotive Systems (Checkoway et al., 2015)
ISO-V-008: Charging Session Hijacking
High

Vulnerabilities in session management can allow attackers to hijack active charging sessions.

Components: SECC, EVCC, Session Management
Versions: ISO 15118-2, ISO 15118-20 (partially mitigated)

Attack Vectors

  • Man-in-the-middle attacks to intercept and modify session data
  • Session identifier prediction or brute forcing
  • Race conditions in session establishment

Technical Details

ISO 15118 maintains state between the EVCC and SECC with an 8-byte SessionID that the SECC assigns in SessionSetupRes and the EVCC echoes in the header of every subsequent message; a paused session is resumed by sending the old SessionID in a new SessionSetupReq. If the SECC derives SessionIDs predictably (counters, timestamps), accepts a SessionID from a connection other than the one that created it, or resumes sessions that were terminated rather than paused, an attacker who can reach the SECC can take over the session. Most messages after authorization are protected only by the TLS channel (only a few, such as MeteringReceiptReq, carry an XML signature), so the session's security depends on that channel staying bound to the session for its whole lifetime.

Impact

Unauthorized control of charging sessions, potential for energy theft, manipulation of charging parameters, or denial of service.

Mitigation

Generate SessionIDs with a cryptographically secure random source, bind each session to the TLS connection that created it and reject IDs arriving on any other connection, allow resumption only for paused sessions within a bounded window, retire IDs on termination so they are never reissued, enforce idle timeouts, and run every session over TLS.

References

  • ISO 15118-2:2014 Section 8.4.3
  • OWASP Session Management Cheat Sheet
  • Secure Session Management in Web Applications (Steel et al., 2006)
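
An SECC-side session manager implementing those rules, as an added example (not code from this page or any 15118 stack). The 8-byte SessionID, the pause/resume behaviour and the all-zero "no session" value follow ISO 15118-2; the connection labels, timeouts and the fake clock are constructed for the example.

```python
"""SECC session-ID handling for ISO 15118-2 style sessions. The SessionID is
the 8-byte value the SECC assigns in SessionSetupRes and the EVCC echoes in
every later header; a paused session may be resumed by sending that ID again.
This manager binds each session to the transport connection that created it,
rejects IDs arriving on other connections, lets only paused sessions resume,
enforces an idle timeout, and never reissues an ID.
"""
import secrets
import time


class SessionError(Exception):
    pass


class SessionManager:
    def __init__(self, clock=time.monotonic, resume_window=3600.0, idle_timeout=120.0):
        self.clock = clock
        self.resume_window, self.idle_timeout = resume_window, idle_timeout
        self.sessions = {}      # session_id -> dict(conn, state, last_seen)
        self.retired = set()    # IDs that may never be reused

    def new_session_id(self) -> bytes:
        """8 random bytes; ISO 15118-2 reserves the all-zero value for 'no session'."""
        while True:
            sid = secrets.token_bytes(8)
            if sid != bytes(8) and sid not in self.sessions and sid not in self.retired:
                return sid

    def setup(self, conn: str, requested=None) -> bytes:
        """Handle SessionSetupReq. A non-zero requested ID is a resume attempt."""
        now = self.clock()
        if requested and requested != bytes(8):
            s = self.sessions.get(requested)
            if s is None or s["state"] != "paused" or now - s["last_seen"] > self.resume_window:
                # Unknown, active, terminated or stale ID: start fresh, never adopt it.
                return self._create(conn, now)
            s.update(conn=conn, state="active", last_seen=now)
            return requested
        return self._create(conn, now)

    def _create(self, conn, now) -> bytes:
        sid = self.new_session_id()
        self.sessions[sid] = dict(conn=conn, state="active", last_seen=now)
        return sid

    def check(self, sid: bytes, conn: str) -> dict:
        """Every later request: the ID must exist, be active, belong to this
        connection, and not have been idle past the timeout."""
        s = self.sessions.get(sid)
        now = self.clock()
        if s is None or s["state"] != "active":
            raise SessionError("no active session")
        if s["conn"] != conn:
            raise SessionError("session bound to another connection")
        if now - s["last_seen"] > self.idle_timeout:
            self.terminate(sid)
            raise SessionError("session idle timeout")
        s["last_seen"] = now
        return s

    def pause(self, sid: bytes, conn: str) -> None:
        self.check(sid, conn)["state"] = "paused"

    def terminate(self, sid: bytes) -> None:
        self.sessions.pop(sid, None)
        self.retired.add(sid)


class FakeClock:
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


def _err(fn):
    try:
        fn()
        return None
    except SessionError as e:
        return str(e)


def demo() -> dict:
    """Constructed walk-through: legitimate use, a takeover attempt from another
    connection, pause/resume, and reuse after termination."""
    clock = FakeClock()
    m = SessionManager(clock=clock)
    sid = m.setup("tls-conn-1")
    out = {"len": len(sid), "nonzero": sid != bytes(8), "ids_differ": m.setup("tls-conn-x") != sid}
    out["other_conn"] = _err(lambda: m.check(sid, "tls-conn-2"))      # same ID, different connection
    m.pause(sid, "tls-conn-1")
    out["resume_same_id"] = m.setup("tls-conn-3", sid) == sid          # legitimate resume after pause
    out["resumed_ok"] = m.check(sid, "tls-conn-3")["state"] == "active"
    out["old_conn_after_resume"] = _err(lambda: m.check(sid, "tls-conn-1"))
    m.terminate(sid)
    out["resume_after_terminate"] = m.setup("tls-conn-4", sid) != sid  # terminated ID never adopted
    out["reuse_blocked"] = sid in m.retired
    sid2 = m.setup("tls-conn-5")
    clock.t += 1000.0
    out["idle"] = _err(lambda: m.check(sid2, "tls-conn-5"))
    return out
```

Two details carry most of the value: the resume path re-binds the session to the new connection (the EV reconnects after a pause, so the old binding cannot be kept) but only for a session that is in the paused state, and a terminated ID goes into a retired set so that a later SessionSetupReq carrying it starts a fresh session instead of reviving the old one.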

Conclusion

ISO 15118 provides significant benefits for EV charging, but its security depends on proper implementation and ongoing vigilance. The vulnerabilities identified in this analysis highlight the importance of following security best practices, implementing robust PKI infrastructure, and maintaining operational security measures.

As the adoption of ISO 15118 increases, particularly with the rollout of Plug & Charge functionality and the transition to ISO 15118-20, addressing these security challenges becomes increasingly important to ensure the integrity, confidentiality, and availability of EV charging infrastructure.

Vulnerability Summary

  • Critical: 3
  • High: 3
  • Medium: 2
  • Low: 0

Most Affected Components

  • PKI Infrastructure: 3 vulnerabilities
  • EVCC: 5 vulnerabilities
  • SECC: 6 vulnerabilities
  • Communication Layer: 2 vulnerabilities