ISO 15118 Security Testing and Validation
ISO 15118 defines the communication framework between electric vehicles and charging stations. It supports functions such as Plug and Charge, secure authentication, automated billing, and optional firmware or contract updates over the charging interface. Because ISO 15118 processes sensitive data, billing information and security-critical operations, weaknesses in implementation may lead to unauthorised access, financial fraud, denial of service or disruption of charging infrastructure.
At CyTAL we provide comprehensive protocol-aware security testing of ISO 15118 implementations using our ProtoCrawler platform. We assess message parsing, TLS handshake behaviour, certificate handling, error recovery and resilience under stress. Our goal is to help you identify and remediate vulnerabilities before your system is deployed in real-world charging environments.
What Is ISO 15118
ISO 15118 is a standard designed for communication between electric vehicles and Electric Vehicle Supply Equipment. It defines:
- Session negotiation over a communication link such as Power Line Communication or TCP/IP over Ethernet or WiFi
- Secure use of TLS for confidentiality and integrity
- Structured message formats and state-driven workflows covering service discovery, contract authentication, charge session negotiation, metering, billing and session closure
- Optional support for firmware updates, smart charging and load balancing
ISO 15118 supports a complete feature set required for modern smart charging, improving convenience and interoperability. This flexibility also introduces complexity and a wide attack surface if implementations are not carefully validated.
Architecture and Attack Surface
Implementations of ISO 15118 typically involve several interacting components. Vulnerabilities may appear in any of the following areas.
Message Parsing and XML or Data Structure Handling
ISO 15118 often uses structured data within TLS payloads. Common issues include:
- Improper boundary checking or malformed fields
- Vulnerabilities in XML or data parsing libraries such as entity expansion or unexpected tags
- Incorrect handling of optional fields or unexpected node types
- Incomplete validation of message length, structure or encoding
Such issues can lead to denial of service through parser crashes, logic bypass or injection attacks.
TLS Handshake and Certificate Management
Secure communication depends on TLS. Risks include:
- Weak cipher suites or outdated protocol versions
- Incorrect certificate validation or poor chain checking
- Acceptance of self-signed or expired credentials
- Missing mutual authentication where required
These problems may allow man-in-the-middle attacks or unauthorised session initiation.
Session State and Workflow Logic
ISO 15118 requires strict adherence to defined workflows. Vulnerabilities may occur if:
- State transitions are accepted out of order
- Error cases or unexpected messages are not handled safely
- Replay attacks are not prevented
- Session cleanup or timeouts are weak
Such weaknesses may lead to unauthorised charging, billing fraud, denial of service or inconsistent session behaviour.
Firmware or Contract Update Mechanisms
Some deployments of ISO 15118 support remote updates of firmware or contract data. Risks include:
- Insufficient validation of update packages
- Weak or missing digital signature checks
- Insecure handling of signing keys
- Failure to verify integrity before applying updates
These issues may allow supply chain attacks or malicious firmware deployment.
Network and Transport Layer Vulnerabilities
Depending on transport type, the system may be exposed to:
- Packet injection or replay attacks
- Denial of service through flooding or malformed packets
- Weak separation between control networks and charging networks
Resource-constrained EVSE devices are especially vulnerable to performance degradation or crashes under attack.
Common Vulnerabilities in ISO 15118 Implementations
Based on our testing and research, the most common issues include:
- Vulnerabilities in parsing libraries triggered by malformed or unexpected messages
- TLS misconfiguration including weak cipher suites or acceptance of invalid certificates
- Poor session state handling that permits replay or out-of-sequence messages
- Weak or missing integrity checks on firmware update packages or billing records
- Resource exhaustion caused by repeated invalid session requests or malformed network traffic
- Lack of logging or alerting for protocol deviations or repeated failures
Testing ISO 15118 Implementations with ProtoCrawler
ProtoCrawler performs deep, protocol-aware testing across all major components of ISO 15118.
Structured Message Fuzzing
ProtoCrawler generates valid ISO 15118 exchanges and then applies controlled mutations including malformed fields, unexpected tags, missing elements and corrupted encoding. This tests parser robustness and error handling.
TLS and Transport Layer Stress Testing
We attempt connections using weak cipher suites or invalid credentials to verify rejection of insecure transports. We also simulate network anomalies such as loss, duplication, delay and fragmentation, which are particularly relevant for PLC-based systems.
Session Workflow Validation
ProtoCrawler tests both valid and invalid session sequences. Examples include skipping authentication, replaying old messages or injecting invalid metering data. This verifies that workflow logic is correctly enforced.
Firmware and Update Mechanism Checks
We assess update flows by supplying valid signed packages along with corrupted, incorrectly signed or truncated packages. This confirms proper signature checking and safe rejection of invalid updates.
Denial of Service and Resource Exhaustion Scenarios
ProtoCrawler sends repeated or malformed session initiation requests, high volumes of handshake attempts or invalid packets to test resilience against resource exhaustion and stability under stress.
Continuous Integration and Regression Testing
ProtoCrawler can be integrated into development pipelines to automatically test code changes or firmware updates. This helps identify regressions early and maintain consistent security across releases.
Best Practices for Secure ISO 15118 Deployments
Strict Input Validation and Secure Parsing
- Validate messages against schema or specification
- Reject malformed, unexpected or truncated messages early
- Use safe libraries that protect against common parsing vulnerabilities
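The parsing weaknesses described under Message Parsing above and the validation practices listed here can be exercised end to end with a small hardened parser. The following is an added example written for this page, not CyTAL's or ProtoCrawler's code. Real ISO 15118 messages are EXI-encoded; plain XML is used as a stand-in, and the SessionSetupReq element names, the field formats and the size limit are assumptions chosen for illustration. It refuses DOCTYPE and entity declarations before any tree is built, enforces a size limit, and rejects unexpected, duplicate, malformed or missing elements early.

```python
"""Hardened parsing of a simplified ISO 15118-style XML message.

Added example, not CyTAL's or ProtoCrawler's code. Real ISO 15118 messages are
EXI-encoded; plain XML is used here as a stand-in, and the element names and
field formats are assumptions chosen for illustration.
"""
import re
import xml.etree.ElementTree as ET
import xml.parsers.expat

MAX_MESSAGE_BYTES = 4096  # assumed limit: refuse oversized payloads before any parsing

# Assumed simplified SessionSetupReq layout: required and optional child elements.
REQUIRED = {"SessionID", "EVCCID"}
OPTIONAL = {"Timestamp"}
ALLOWED = REQUIRED | OPTIONAL
FIELD_FORMAT = {  # assumed per-field formats (hex strings, decimal timestamp)
    "SessionID": re.compile(r"^(?:[0-9A-Fa-f]{2}){1,8}$"),
    "EVCCID": re.compile(r"^[0-9A-Fa-f]{12}$"),
    "Timestamp": re.compile(r"^\d{1,10}$"),
}


class MessageRejected(Exception):
    """Raised for any message the parser refuses to accept."""


def _reject_doctype_and_entities(data: bytes) -> None:
    """Pre-scan with expat and refuse any DOCTYPE or entity declaration.

    This stops entity-expansion payloads (billion laughs, external entities)
    before a document tree is ever built."""
    parser = xml.parsers.expat.ParserCreate()

    def deny(*_args):
        raise MessageRejected("DOCTYPE and entity declarations are not allowed")

    parser.StartDoctypeDeclHandler = deny
    parser.EntityDeclHandler = deny
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise MessageRejected(f"malformed XML: {exc}") from exc


def parse_session_setup(data: bytes) -> dict:
    """Validate and decode a SessionSetupReq, raising MessageRejected on any deviation."""
    if len(data) > MAX_MESSAGE_BYTES:
        raise MessageRejected("message exceeds size limit")
    _reject_doctype_and_entities(data)
    root = ET.fromstring(data)
    if root.tag != "SessionSetupReq":
        raise MessageRejected(f"unexpected root element {root.tag!r}")
    fields = {}
    for child in root:
        if child.tag not in ALLOWED:
            raise MessageRejected(f"unexpected element {child.tag!r}")
        if child.tag in fields:
            raise MessageRejected(f"duplicate element {child.tag!r}")
        if len(child):
            raise MessageRejected(f"unexpected nested content in {child.tag!r}")
        value = (child.text or "").strip()
        if not FIELD_FORMAT[child.tag].match(value):
            raise MessageRejected(f"field {child.tag!r} has invalid format")
        fields[child.tag] = value
    missing = REQUIRED - fields.keys()
    if missing:
        raise MessageRejected(f"missing required elements {sorted(missing)}")
    return fields


def check_message(data: bytes) -> tuple:
    """Convenience wrapper: (True, fields) if accepted, (False, reason) if rejected."""
    try:
        return True, parse_session_setup(data)
    except MessageRejected as exc:
        return False, str(exc)


# Constructed sample messages (not captured traffic).
SAMPLES = {
    "valid": b"<SessionSetupReq><SessionID>0102030405060708</SessionID>"
             b"<EVCCID>001122334455</EVCCID></SessionSetupReq>",
    "entity_expansion": b'<!DOCTYPE x [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;&a;">]>'
                        b"<SessionSetupReq><SessionID>&b;</SessionID>"
                        b"<EVCCID>001122334455</EVCCID></SessionSetupReq>",
    "truncated": b"<SessionSetupReq><SessionID>0102030405",
    "unexpected_tag": b"<SessionSetupReq><SessionID>01020304</SessionID>"
                      b"<EVCCID>001122334455</EVCCID><Debug>1</Debug></SessionSetupReq>",
    "bad_field": b"<SessionSetupReq><SessionID>zz</SessionID>"
                 b"<EVCCID>001122334455</EVCCID></SessionSetupReq>",
}


def run_samples() -> dict:
    """Return {sample name: accepted?} for the constructed samples."""
    return {name: check_message(data)[0] for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, accepted in run_samples().items():
        print(f"{name:18} {'accepted' if accepted else 'rejected'}: {check_message(SAMPLES[name])[1]}")
```

The pre-scan is deliberately a separate pass: it costs one extra parse of a few kilobytes, but it means the decision to refuse a DOCTYPE is taken by a handler that fires before any entity is expanded, independent of whatever limits the underlying XML library may or may not apply.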
Strong TLS Configuration and Certificate Management
- Use modern cipher suites and disable legacy protocols
- Enforce strict certificate validation and revocation checks
- Require mutual authentication where appropriate
Robust Session State Management
- Enforce correct sequencing of all session steps
- Reject out-of-order or replayed messages
- Apply timeouts and perform reliable session cleanup
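The session-state weaknesses described under Session State and Workflow Logic above and the three practices listed here come together in a small session manager. The following is an added example written for this page, not CyTAL's or ProtoCrawler's code. The four-request sequence, the per-session message counter used for replay detection and the 60-second idle timeout are assumptions made for illustration; a real ISO 15118-2 session has more states and uses the standard's own timing and session identifiers. The constructed trace at the end shows a skipped authentication step, a replayed message and a request arriving after the idle timeout, each of which is rejected.

```python
"""Session workflow enforcement for a simplified ISO 15118 request sequence.

Added example, not CyTAL's or ProtoCrawler's code. The four-step sequence,
the per-session message counter and the 60 s idle timeout are assumptions
made for illustration; a real ISO 15118-2 session has more states and uses
the standard's own timing and session identifiers.
"""
import time

# Assumed order of requests. Each position names the only request accepted next.
SEQUENCE = ["SessionSetupReq", "PaymentDetailsReq",
            "ChargeParameterDiscoveryReq", "SessionStopReq"]
SESSION_TIMEOUT_S = 60.0  # assumed idle timeout after which state is discarded


class ManualClock:
    """Deterministic clock so timeouts can be exercised without sleeping."""
    def __init__(self, start=0.0):
        self.now = start

    def advance(self, seconds):
        self.now += seconds

    def __call__(self):
        return self.now


class Session:
    def __init__(self, session_id, now, counter):
        self.session_id = session_id
        self.step = 1                # index into SEQUENCE of the next expected request
        self.last_seen = now
        self.last_counter = counter  # highest message counter accepted so far


class SessionManager:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.sessions = {}
        self.events = []  # (session_id, reason) records for logging and alerting

    def _reject(self, session_id, reason):
        self.events.append((session_id, reason))
        return ("rejected", reason)

    def expire_idle(self, now):
        """Reliable cleanup: drop any session idle longer than the timeout."""
        for sid, s in list(self.sessions.items()):
            if now - s.last_seen > SESSION_TIMEOUT_S:
                del self.sessions[sid]
                self.events.append((sid, "session expired; state discarded"))

    def handle(self, session_id, msg_type, counter):
        """Process one request. Returns ("accepted", next expected) or ("rejected", reason)."""
        now = self.clock()
        self.expire_idle(now)
        if msg_type == SEQUENCE[0]:
            if session_id in self.sessions:
                return self._reject(session_id, "session already active")
            self.sessions[session_id] = Session(session_id, now, counter)
            return ("accepted", SEQUENCE[1])
        s = self.sessions.get(session_id)
        if s is None:
            return self._reject(session_id, "no active session")
        if counter <= s.last_counter:
            # Counter did not advance: a replayed (or stale, reordered) message.
            return self._reject(session_id, "replayed message")
        expected = SEQUENCE[s.step]
        if msg_type != expected:
            return self._reject(session_id, f"out of order: expected {expected}")
        s.last_counter = counter
        s.last_seen = now
        s.step += 1
        if s.step == len(SEQUENCE):
            del self.sessions[session_id]
            return ("accepted", "session closed")
        return ("accepted", SEQUENCE[s.step])


def demo_trace():
    """Constructed trace exercising skip-ahead, replay and timeout handling."""
    clock = ManualClock()
    mgr = SessionManager(clock=clock)
    results = [
        mgr.handle("A", "SessionSetupReq", 1),
        mgr.handle("A", "ChargeParameterDiscoveryReq", 2),  # skips the payment step
        mgr.handle("A", "PaymentDetailsReq", 2),
        mgr.handle("A", "PaymentDetailsReq", 2),            # replay of the previous message
        mgr.handle("A", "ChargeParameterDiscoveryReq", 3),
    ]
    clock.advance(SESSION_TIMEOUT_S + 1)
    results.append(mgr.handle("A", "SessionStopReq", 4))    # arrives after the idle timeout
    return results


if __name__ == "__main__":
    for r in demo_trace():
        print(r)
```

Every rejection is recorded in `events` rather than silently dropped, which is what the Logging, Monitoring and Incident Response practices below rely on: an EVSE that cannot say how often it saw out-of-order or replayed requests cannot alert on them.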
Secure Firmware and Update Handling
- Require digitally signed update packages
- Verify signatures and integrity before applying updates
- Store signing keys securely and apply least privilege principles
Resilience to Transport and Network Threats
- Isolate EVSE networks from general IT networks
- Apply rate limiting and packet validation
- Log and monitor unusual activity or repeated failures
Logging, Monitoring and Incident Response
- Maintain detailed logs of protocol activity and failures
- Alert on abnormal traffic patterns
- Perform regular audits and repeat security testing
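The rate limiting recommended under Resilience to Transport and Network Threats and the alerting recommended here share one mechanism: a per-source count of recent failures. The following is an added example written for this page, not CyTAL's or ProtoCrawler's code, showing that mechanism run over EVSE session logs. The log line layout, the 60-second sliding window and the threshold of five failures are assumptions, and the sample log is constructed rather than captured from a real charger. The monitor raises one alert when a source first crosses the threshold and exposes a throttle decision that a session handler can consult before spending resources on a new setup request.

```python
"""Failure-rate monitoring and alerting over EVSE session logs.

Added example, not CyTAL's or ProtoCrawler's code. The log format, the
60-second window and the threshold of five failures are assumptions, and
the sample log below is constructed, not captured from a real charger.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

WINDOW_S = 60          # assumed sliding window
FAIL_THRESHOLD = 5     # assumed: alert and throttle at this many failures per window

# Assumed log line layout: ISO 8601 UTC timestamp followed by key=value pairs.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) event=(?P<event>\S+) "
    r"result=(?P<result>\S+)(?: reason=(?P<reason>\S+))?$"
)

# Constructed sample log (not real traffic).
SAMPLE_LOG = """\
2024-05-01T10:00:00Z src=10.0.0.5 event=session_setup result=fail reason=tls_handshake
2024-05-01T10:00:03Z src=10.0.0.9 event=session_setup result=ok
2024-05-01T10:00:05Z src=10.0.0.5 event=session_setup result=fail reason=malformed_message
2024-05-01T10:00:10Z src=10.0.0.5 event=session_setup result=fail reason=tls_handshake
2024-05-01T10:00:15Z src=10.0.0.5 event=session_setup result=fail reason=cert_invalid
2024-05-01T10:00:20Z src=10.0.0.5 event=session_setup result=fail reason=tls_handshake
2024-05-01T10:00:25Z src=10.0.0.5 event=session_setup result=fail reason=tls_handshake
2024-05-01T10:02:00Z src=10.0.0.9 event=session_setup result=fail reason=out_of_order
2024-05-01T10:05:00Z src=10.0.0.9 event=session_setup result=fail reason=out_of_order
"""


def parse_line(line: str):
    """Return a dict for a well-formed line, or None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    ts = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    rec["epoch"] = ts.timestamp()
    return rec


class FailureMonitor:
    """Per-source sliding-window failure counter with one alert per excursion."""

    def __init__(self, window_s=WINDOW_S, threshold=FAIL_THRESHOLD):
        self.window_s = window_s
        self.threshold = threshold
        self.failures = defaultdict(deque)   # src -> timestamps of recent failures
        self.throttled = set()               # sources currently over the threshold

    def observe(self, rec):
        """Feed one parsed record; returns an alert dict when the threshold is first crossed."""
        if rec["result"] != "fail":
            return None
        q = self.failures[rec["src"]]
        q.append(rec["epoch"])
        while q and rec["epoch"] - q[0] > self.window_s:
            q.popleft()                      # drop failures that fell outside the window
        if len(q) >= self.threshold:
            if rec["src"] in self.throttled:
                return None                  # already alerted for this excursion
            self.throttled.add(rec["src"])
            return {"src": rec["src"], "at": rec["ts"], "failures": len(q),
                    "last_reason": rec.get("reason")}
        self.throttled.discard(rec["src"])   # back under the threshold: clear the throttle
        return None

    def should_throttle(self, src) -> bool:
        """Rate-limiting hook: True while the source is over the failure threshold."""
        return src in self.throttled


def analyse(log_text: str):
    """Run the monitor over a log; returns (alerts, monitor)."""
    monitor = FailureMonitor()
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        alert = monitor.observe(rec)
        if alert:
            alerts.append(alert)
    return alerts, monitor


if __name__ == "__main__":
    found, mon = analyse(SAMPLE_LOG)
    for a in found:
        print(f"ALERT {a['at']} src={a['src']} failures={a['failures']} last_reason={a['last_reason']}")
    print("throttled:", sorted(mon.throttled))
```

On the sample log the monitor alerts once for 10.0.0.5 at the fifth failure inside a minute and leaves 10.0.0.9 alone, whose two failures are three minutes apart. The reason field is carried into the alert so that a burst of `tls_handshake` failures can be told apart from a burst of `out_of_order` rejections when the incident is reviewed.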
Frequently Asked Questions About ISO 15118 Security Testing
Q: Why is ISO 15118 more sensitive than simple charging protocols?
Because it supports authentication, billing, contract exchange and optional firmware updates. Weaknesses may lead to fraud, unauthorised access or safety risks.
Q: Does every charging station need ISO 15118 testing?
Yes. Even simple EVSE units may expose vulnerabilities if implementation is incomplete or incorrect.
Q: Can ProtoCrawler test both PLC and TCP/IP-based ISO 15118?
Yes. ProtoCrawler supports both transport types along with network anomaly simulation.
Q: Are firmware update mechanisms a common weak point?
Yes. In several real world cases signature verification or integrity checks were not implemented correctly.
Q: How often should ISO 15118 stacks be tested?
Before initial deployment, after any change in code or configuration and after every firmware update. For public charging networks, regular testing is strongly recommended.
Secure Your ISO 15118 Deployment with CyTAL
ISO 15118 provides powerful features for modern EV charging, but it also introduces significant complexity and a large attack surface. CyTAL’s ProtoCrawler platform delivers deep, protocol-aware testing to uncover vulnerabilities in parsing, authentication, update handling and transport behaviour.
Contact us to arrange a demonstration or to discuss how we can help secure your ISO 15118 ecosystem before it reaches production.