image: SwRI identified security vulnerabilities in the Signal Level Attenuation Characterization (SLAC) protocol governing the connection process between a supply equipment communication controller (SECC) and electric vehicle communication controller (EVCC). SwRI developed a machine-in-the-middle (MitM) device to tap into the appropriate line in the charger cable. Researchers injected signals that led to full control over the communications channel. By spoofing a second charger with superior attenuation, an attacker can bridge the charger connection to intercept traffic.
Credit: Southwest Research Institute
SAN ANTONIO — November 18, 2025 — Southwest Research Institute identified a security vulnerability in a standard protocol governing communications between electric vehicles (EV) and EV charging equipment. The research prompted the Cybersecurity & Infrastructure Security Agency (CISA) to issue a security advisory related to the ISO 15118 vehicle-to-grid communications standard.
Through internal research, a team of SwRI engineers spoofed signal measurements between an EV and EV supply equipment (EVSE), leading to CISA’s publication of a Common Vulnerabilities & Exposures (CVE) advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-25-303-01.
“It’s important to note that this vulnerability comes from the requirements in an industry standard, meaning it can affect a variety of vehicle manufacturers,” said Mark Johnsn, an SwRI engineer who led the research. “We hope this will encourage manufacturers to continue working to adopt ISO 15118-20 and to adopt technologies such as public key infrastructure in the EV charging space that would better protect consumers.”
The research explored vulnerabilities in the Signal Level Attenuation Characterization (SLAC) protocol. The ISO 15118 communication standard relies on SLAC to identify which charging station a particular vehicle is connected to within a charger network. This process involves sending a signal from the vehicle to the chargers, which then respond with a measure of signal quality.
After identifying security deficiencies within the SLAC process, SwRI’s research team developed a machine-in-the-middle (MitM) attack to test if communications between vehicles and chargers could be compromised. The researchers successfully modeled the attack using simulators before replicating the attack between vehicles and charging stations.
Using the MitM device to tap into the appropriate line in the charger cable, the researchers injected signals that led to full control over the communications channel, demonstrating that that the EV charging process could be manipulated or halted using the MitM attack.
“It took some time to develop the software for the attack, but running the attack was surprisingly consistent,” said Kyle Owens, an engineer who supported the project. “The research demonstrates how a malicious actor can trick an EV into establishing a connection by responding to the vehicle's SLAC signal with an artificial measurement.”
Newer components of the standard, such as ISO 15118-20, require the use of Transport Layer Security (TLS), which limits the potential impacts of this vulnerability. Although such security protocols demand more computational power, they are necessary to protect future generations of vehicles. SwRI researchers note that this vulnerability can be leveraged to confirm the presence of such countermeasures or to conduct related security research.
The project used a direct connection to confirm the existence of the vulnerability. However, the SwRI researchers also demonstrated the attack wirelessly, via electromagnetic induction, in a benchtop simulation. SwRI is considering future research to further explore the attack’s feasibility through wireless technologies.
The SwRI’s High Reliability Systems Department performs a variety of cybersecurity services for the automotive industry, helping to identify cyberthreats to ground vehicles, transportation infrastructure, and automotive embedded systems.
For more information, visit https://www.swri.org/markets/automotive-transportation/automotive/automotive-software-electronics/electric-vehicle-cybersecurity-services.