Charge It to My Neighbor: A Relay Attack on ISO 15118 Plug and Charge Payment

ISO 15118, the leading standard for DC fast charging in Europe, includes a plug-and-charge mechanism that allows electric vehicles to handle payment automatically via contract certificates. We present a novel relay attack against this mechanism: an attacker builds a fake charging station, plugs it into a victim's vehicle, and relays the cryptographic authentication to a real charging station - charging the attacker's vehicle while billing the victim. The attack exploits the absence of station-identifying information in the plug-and-charge signature, combined with weaknesses in how ISO 15118 handles TLS certificates. We provide a proof-of-concept implementation demonstrating the full attack chain and discuss possible mitigations and alternatives. As plug-and-charge adoption grows, addressing this vulnerability is critical before it becomes widely exploitable.