Executive Summary

This vulnerability involves manipulating the Signal Level Attenuation Characterization (SLAC) protocol by using spoofed measurements to stage a man-in-the-middle (MitM) attack between an electric vehicle (EV) and chargers that comply with the ISO 15118-2 standard. The attack can be conducted wirelessly within close proximity via electromagnetic induction, allowing an attacker to intercept or alter communications between the EV and the charger. [2]

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can allow an attacker to intercept and potentially alter communications between an electric vehicle and its charger, which could lead to unauthorized control or disruption of charging sessions. This could impact the reliability and security of EV charging infrastructure, potentially causing service interruptions or unauthorized access to the charging process. [2]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include implementing Transport Layer Security (TLS) for all communications between electric vehicles and chargers, ensuring proper certificate chaining as recommended in ISO 15118-20 and ISO 15118-2. Additionally, minimize network exposure of control system devices, isolate control system networks behind firewalls, and use secure remote access methods such as updated VPNs. Conduct impact analysis and risk assessments before deploying defenses and follow CISA's recommended cybersecurity best practices for industrial control systems (ICS). [2]

Useful 0 Not Useful 0