ISO 15118-2 Man-in-the-Middle Vulnerability via SLAC Protocol Manipulation

Vulnerability

A vulnerability exists in the ISO 15118-2 standard for electric vehicle charging, allowing for man-in-the-middle attacks. By spoofing measurements in the Signal Level Attenuation Characterization (SLAC) protocol, an attacker can intercept communications between an electric vehicle and compatible chargers. This vulnerability may be exploited wirelessly, at close range, through electromagnetic induction.

Impact

Exploitation of this vulnerability could lead to unauthorized interception and manipulation of communications between electric vehicles and chargers, potentially allowing attackers to alter charging parameters or disrupt the charging process.

Remediation

ISO recommends using TLS for all communications, in line with ISO 15118-20, where TLS is required. For additional information, contact the International Electrotechnical Commission.
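One way an EV-side communication stack can enforce the TLS recommendation, shown as an added example that is not part of this advisory or of any vendor's code: it decodes the SECC Discovery Protocol (SDP) response that ISO 15118-2 carries in a V2GTP frame and refuses a charger that does not offer TLS. The function names, the sample address and the port are assumptions constructed for illustration.

```python
import ipaddress
import struct

SDP_RESPONSE = 0x9001   # V2GTP payload type for an SDP response
SECURITY_TLS = 0x00     # SDP security byte: secured with TLS
SECURITY_NONE = 0x10    # SDP security byte: no transport layer security
TRANSPORT_TCP = 0x00    # SDP transport byte: TCP


class SdpPolicyError(Exception):
    """SDP response is malformed or does not offer TLS."""


def parse_sdp_response(datagram: bytes) -> dict:
    """Decode the 8-byte V2GTP header and the 20-byte SDP response payload."""
    if len(datagram) != 28:
        raise SdpPolicyError("unexpected datagram length")
    version, inverse, ptype, length = struct.unpack(">BBHI", datagram[:8])
    if version != 0x01 or inverse != 0xFE:
        raise SdpPolicyError("bad V2GTP version bytes")
    if ptype != SDP_RESPONSE or length != 20:
        raise SdpPolicyError("not an SDP response")
    addr, port, security, transport = struct.unpack(">16sHBB", datagram[8:])
    return {"address": str(ipaddress.IPv6Address(addr)), "port": port,
            "security": security, "transport": transport}


def require_tls(datagram: bytes) -> tuple:
    """Return (address, port) only if the charger offers TLS over TCP."""
    info = parse_sdp_response(datagram)
    if info["security"] != SECURITY_TLS:
        raise SdpPolicyError("charger did not offer TLS; refusing session")
    if info["transport"] != TRANSPORT_TCP:
        raise SdpPolicyError("unexpected transport protocol")
    return info["address"], info["port"]


def sample_response(security: int) -> bytes:
    """Constructed sample packet (link-local address and port are made up)."""
    header = struct.pack(">BBHI", 0x01, 0xFE, SDP_RESPONSE, 20)
    addr = ipaddress.IPv6Address("fe80::1").packed
    return header + struct.pack(">16sHBB", addr, 50000, security, TRANSPORT_TCP)


if __name__ == "__main__":
    print(require_tls(sample_response(SECURITY_TLS)))
    try:
        require_tls(sample_response(SECURITY_NONE))
    except SdpPolicyError as exc:
        print("rejected:", exc)
```

This check only decides whether a session may be opened; the TLS handshake that follows still has to validate the charger's certificate chain.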

Added: Oct 31, 2025, 4:25 PM
Updated: Oct 31, 2025, 4:25 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.0
exploitability: 4.2
remediation: 0.0
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.