RFID card technology is not working. Sure, it is the most widely used tool to charge electric vehicles but, at the same time, insecure RFID cards put both vehicles and drivers at incredible risk from hackers. Electric vehicle charging stations haven’t yet been widely adopted and already, they are being successfully hacked. The good news is: a solution exists. The e-mobility industry simply needs to implement it. In this post, we’ll look at how current charging practices place users at extreme risk of financial fraud and what’s being done (and not done) to combat it. We’ll also cover preventative measures you can take right now to avoid the security breach and widespread loss of user trust, and pave the way for seamless adoption of e-mobility around the world.
Europe’s largest association of hackers, the Chaos Computer Club (CCC), held their 34th annual Chaos Communication Congress in Germany this past December. There, CCC member Mathias Dalheimer’s talk isolated current RFID cards as simply not secure. RFID technology is supposed to identify and authorise users for a charging session, but instead it leaves leeway for financial fraud.
Dalheimer proved this through use cases in which hackers easily get access to the interior of a charging station, manipulate their configuration data and make counterfeit RFID cards to steal users’ account information. He said that it’s rather trivial for hackers to make counterfeit copies of RFID cards with the data gained from the charging station and fraudulently bill transactions to the unprotected accounts of countless users.
Sadly, this security risk has existed for years and shows no sign of letting up thanks to lack of motivation and inaction by the charging infrastructure industry.
The majority of mobility operators, the companies with which you conclude a charging contract, and Charging Station Operators (CPOs) continue to use MIFARE Classic RFID cards. A CCC talk given back in 2007 already demonstrated that the weak crypto implementation of MIFARE Classic technology could be hacked within a few simple steps, making it trivial to copy any other MIFARE Classic RFID card.
What’s worse is that companies had the chance to switch to the more secure MIFARE DESFire RFID cards long ago. Had they applied the cryptographic security mechanism that comes with those MIFARE DESFire cards, we wouldn’t be at this worrisome juncture.
More troubling still: most CPOs use only the Universal Unique Identifier (UUID) stored on each RFID card to identify and authorise users for a charging process; the UUID is a publicly readable token and isn’t protected by any cryptographic mechanism whatsoever. A hacker can simply hold their fake copy of a user’s RFID card to the charging station’s reader and the counterfeit copy of a user’s UUID will be communicated to the CPO’s backend IT system using the widespread Open Charge Point Protocol (OCPP). The CPO then uses this faulty user data to bill mobility operators for unlimited charging that the user did not authorise.
Dalheimer points out that OCPP version 1.5, as it is used at most charging stations, does not use a digital signature-based authentication procedure and therefore has a level of data security that is essentially non-existent. He adds that hacking the UUIDs of countless previous charging sessions is as simple as using a screwdriver to open the charging station and plugging in a USB stick. Add a programmable RFID card to the mix and using other people’s accounts for fraudulent charging sessions becomes nearly effortless.
Since charging processes are often only billed on a monthly basis, the user is confronted with the problem of having to challenge unauthorised charging processes in the end.
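Added example (not from the original post or from Dalheimer's talk): a small Python model of why a backend that authorises on the card identifier alone cannot tell a genuine card from a copy, next to a challenge-response check that can. HMAC-SHA256 stands in for a card's cryptographic authentication and is not the MIFARE DESFire protocol; the identifier, account name, key and all function and class names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: identifier, account name and key are made up.
UID = "04A1B2C3D4E5F6"
ACCOUNTS = {UID: "contract-0001"}            # identifier -> billed account
CARD_KEYS = {UID: secrets.token_bytes(16)}   # per-card secret held by the issuer


def mac(key: bytes, uid: str, challenge: bytes) -> bytes:
    """Proof of key possession, bound to one card and one challenge."""
    return hmac.new(key, uid.encode() + challenge, hashlib.sha256).digest()


class GenuineCard:
    def __init__(self, uid: str, key: bytes):
        self.uid = uid      # publicly readable by any reader
        self._key = key     # never leaves the card

    def respond(self, challenge: bytes) -> bytes:
        return mac(self._key, self.uid, challenge)


class CopiedIdentifierCard:
    """Carries only the public identifier; it has no key to answer with."""
    def __init__(self, uid: str):
        self.uid = uid

    def respond(self, challenge: bytes) -> bytes:
        return b""


class RecordedResponseCard:
    """Presents a response that was valid in an earlier session."""
    def __init__(self, uid: str, recorded: bytes):
        self.uid = uid
        self._recorded = recorded

    def respond(self, challenge: bytes) -> bytes:
        return self._recorded


def authorize_by_identifier(card):
    """Identifier-only check: any card presenting a known identifier is billed."""
    return ACCOUNTS.get(card.uid)


def authorize_by_challenge(card):
    """Challenge-response check: the card must prove it holds the per-card key."""
    key = CARD_KEYS.get(card.uid)
    if key is None:
        return None
    challenge = secrets.token_bytes(16)      # fresh for every attempt
    expected = mac(key, card.uid, challenge)
    if not hmac.compare_digest(card.respond(challenge), expected):
        return None
    return ACCOUNTS.get(card.uid)


def compare_schemes():
    """Run the same three cards through both checks."""
    genuine = GenuineCard(UID, CARD_KEYS[UID])
    earlier = genuine.respond(secrets.token_bytes(16))   # answer to an old challenge
    cards = {
        "genuine": genuine,
        "copied identifier": CopiedIdentifierCard(UID),
        "recorded response": RecordedResponseCard(UID, earlier),
    }
    return {name: (authorize_by_identifier(c), authorize_by_challenge(c))
            for name, c in cards.items()}


if __name__ == "__main__":
    for name, (by_id, by_challenge) in compare_schemes().items():
        print(f"{name:18} identifier-only={by_id}  challenge-response={by_challenge}")
```

The fresh challenge is what makes a previously valid response worthless; a fixed challenge would reduce the scheme to a second static token.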
Mr. Dalheimer is right to be sounding the alarm. He called for the e-mobility industry to meet the following demands:
On the eve of widespread adoption of the electric car, it is irresponsible for companies to knowingly wait for “enough” cases of financial fraud and user upset to finally change course and implement a more secure technology. Especially when that technology already exists.
As welcome as I find his alarm, I’m surprised Mr. Dalheimer hasn’t realised that a responsible faction of the e-mobility industry is already using a tested solution that meets his demands. That is: ISO 15118, an internationally standardised Vehicle-to-Grid (V2G) communication interface.
Mr. Dalheimer detailed numerous concerning use cases of hackers infiltrating EV charging and billing. The promising technology of ISO 15118 and its convenient, tamper-free Plug & Charge identification mechanism have made these scenarios a thing of the past for companies like Innogy SE (acting as a CPO) and Daimler, who implement this technology in their Smart Electric Drive vehicles.
Allow me to show you what a secure charging session looks like:
Within the ISO 15118 framework, users choose their form of identification. They can opt to use External Identification Means (EIM) if necessary, which requires them to present an RFID card to the charging station’s reader, scan a QR code or manually insert a credit card for identification and payment.
Users concerned about protecting their data also have the option to select Plug & Charge instead. With the future-proofed Plug & Charge feature, the only user action required is to plug the charging cable from the EV into the charging station. All aspects of authentication, authorisation, intelligent load control, and billing are taken care of automatically.
This advanced technology is based on public key infrastructures (PKIs) with digital certificates and digital signatures secured by a hybrid crypto system of symmetric and asymmetric encryption algorithms.
Transport Layer Security (TLS) is mandatory for Plug & Charge to establish a secured communication channel between the EV and the charging station. For EIM identification, the first edition of ISO 15118 also allows unencrypted data transmission. Yet, when the second edition comes out in 2019, TLS will be mandatory in all cases.
Additionally, XML-based digital signatures ensure that the authenticity and integrity of the exchanged data is still protected when sent from the charging station to the CPO and from there to other market players, like your mobility operator.
Mr. Dalheimer makes the case that the current version of OCPP is worryingly insecure. While he gave a thorough description of the enormous risk, he again overlooked the solution already on the market: OCPP version 2.0.
Just before his December 2017 talk, the Open Charge Alliance (OCA) published OCPP 2.0 for a public review. As a member of both the ISO 15118 standardisation body and the OCA, I helped to draft OCPP 2.0 and made sure that ISO 15118 data structures and security features are built right into this charging station management protocol. I am confident that this is the forward-looking resolution to the inherent data security risks within the industry’s current charging infrastructure.
In an ideal world, all charging stations would have ISO 15118-compliant features and total interoperability, not just for the ease of engineers and manufacturers but, most importantly, for drivers. At the end of his talk, Dalheimer proposes that the e-mobility community come together to create solutions to this potential catastrophe of data security being compromised all over the world. I agree. But there is no need to go back to the drawing board.
The solution to data security is here. The longer we delay taking action, the more we risk losing the money and trust of growing numbers of drivers and early adopters all over the world. We are in a pivotal moment for the future of e-mobility and it is time for players industry-wide to embrace ISO 15118 and related protocols like OCPP 2.0.
To learn more about the inner mechanics of ISO 15118, take a look at my eBook, the ISO 15118 Manual. Sign up for the V2G Clarity newsletter for a free and extensive excerpt of the manual.
To gain practical experience with ISO 15118 and its Plug & Charge feature, take a look at RISE V2G (GitHub) – an intensively tested reference implementation of ISO 15118 that is highly appreciated by companies and research institutions worldwide. A perfect starting guide for RISE V2G is the free RISE V2G Basics online course called “Revolutionize Electric Vehicle Charging – With Plug & Charge Powered by RISE V2G”.
I have long envisioned the day when electric vehicles finally outnumber the gas guzzlers currently polluting our environment. My hope is that this vision becomes reality within the next ten years – at least as far as new registration figures are concerned. I’ll do everything I can with my work to facilitate this goal.