Smart Charging, Smarter Hackers: The Unseen Risks of ISO 15118
Black Hat USA 2025 · Day 1 · Briefings
ISO 15118 — the international standard governing communication between electric vehicles and charging stations — meaningfully improves EV charging security by replacing skimmable RFID cards with TLS-protected digital certificates and centralizing payment management. However, Trend Micro researcher Salvatore Garivuolo demonstrates that compliance with ISO 15118 creates a dangerous false sense of security: the standard explicitly leaves charging station hardware outside its scope, and that untrusted hardware becomes the entry point for four distinct attack classes — including grid-frequency manipulation attacks capable of inducing regional blackouts similar to the Spain 2025 power outage.
AI review
Garivuolo correctly diagnoses the false-sense-of-security problem with ISO 15118 compliance, and the grid-frequency attack scenario is legitimately scary. But the talk is more threat model than research — no live exploits, no CVEs, no PoC — and the 'charging stations use Raspberry Pis' observation is old news in ICS circles.