Cyber security assessment of Electric Vehicle On-board Charging control ECU


A German Tier 1 was looking for a partner for cyber security assessment of a charging ECU for an OEM program of Electric Vehicle selected KPIT as a security assessment partner.

Key highlights:

  • Complete assessment including threat analysis, threat modeling, vulnerability assessment and mitigation suggestions
  • System under study is the Charging ECU with PLC as external and CAN-FD as internal communication interface.
  • Identified 133 threats and 12 vulnerabilities in application mode, and 111 threats and 13 vulnerabilities in boot and flashing mode.
  • V2G communication standard based on ISO 15118, a PLC Interface with its own security specifications and TLS based communication.
  • Quick ramp-up through both on-site and off-shore team

The analysis was accepted by customer and they implemented the recommended mitigation by KPIT’s cyber security team. KPIT’s cyber security team was awarded with high CSAT (Customer satisfaction score) from the Tier1 customer.