Black Hat USA 2025 | Smart Charging, Smarter Hackers: The Unseen Risks of ISO 15118

The rise of electric vehicles (EVs) is reshaping global mobility, paving the way for a cleaner, more sustainable future. But this shift is not without challenges. By 2040, more than 600 million EVs are expected to be on the roads, placing enormous pressure on our electricity grids. This could lead to instability and disruptions in the electricity supply, particularly during peak demand. To address this challenge, the International Organization for Standardization released 15118 - a standard that introduces technologies like smart charging and Vehicle-to-Grid communication. These innovations not only help reduce the pressure on the grid, but also promise to enhance the user experience of charging an EV, making it more intuitive and, more importantly, secure. That said, while resolving several critical cybersecurity issues, the standard also introduces new risks. This session will explore how ISO 15118 reshapes the threat landscape of EV charging. We will examine the cybersecurity implications of the standard, looking at the risks it mitigates, shifts, and creates. In fact, while ISO 15118 offers substantial improvements, we argue that the standard is not sufficient to fully secure the EV charging ecosystem. Using ISO 15118 as an example, we will demonstrate how standards and policies - even those that explicitly target cybersecurity - can inadvertently introduce new attack vectors, making them a double-edged sword. By: Salvatore Gariuolo | Senior Threat Researcher, Trend Micro Inc. Presentation Materials Available at: https://ift.tt/N3t72Hg

source https://www.youtube.com/watch?v=_furvigQmxk