Open Access

ARTICLE

Comprehensive Black-Box Fuzzing of Electric Vehicle Charging Firmware via a Vehicle to Grid Network Protocol Based on State Machine Path

Yu-Bin Kim, Dong-Hyuk Shin, Ieck-Chae Euom*

System Security Research Center, Chonnam National University, Gwangju, 61186, Republic of Korea

* Corresponding Author: Ieck-Chae Euom.

Computers, Materials & Continua 2025, 84(2), 2217-2243. https://doi.org/10.32604/cmc.2025.063289

Abstract

The global surge in electric vehicle (EV) adoption is proportionally expanding the EV charging station (EVCS) infrastructure, thereby increasing the attack surface and potential impact of security breaches within this critical ecosystem. While ISO 15118 standardizes EV-EVCS communication, its underspecified security guidelines and the variability in manufacturers’ implementations frequently result in vulnerabilities that can disrupt charging services, compromise user data, or affect power grid stability. This research introduces a systematic black-box fuzzing methodology, accompanied by an open-source tool, to proactively identify and mitigate such security flaws in EVCS firmware operating under ISO 15118. The proposed approach systematically evaluates EVCS behavior by leveraging the state machine defined in the ISO 15118 standard for test case generation and execution, enabling platform-agnostic testing at the application layer. Message sequences, corresponding to valid and mutated traversals of the protocol’s state machine, are generated to uncover logical errors and improper input handling. The methodology comprises state-aware initial sequence generation, simulated V2G session establishment, targeted message mutation correlated with defined protocol states, and rigorous response analysis to detect anomalies and system crashes. Experimental validation on an open-source EVCS implementation identified five vulnerabilities. These included session integrity weaknesses allowing unauthorized interruptions, billing manipulation through invalid metering data acceptance, and resource exhaustion vulnerabilities from specific parameter malformations leading to denial-of-service. The findings confirm the proposed method’s capability in pinpointing vulnerabilities often overlooked by standard conformance tests, thus offering a robust and practical solution for enhancing the security and resilience of the rapidly growing EV charging infrastructure.
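The "valid and mutated traversals of the protocol's state machine" described in the abstract, as an added sketch that is not the authors' tool. The transition table is a simplified ISO 15118-2 AC request order, and it, the three sequence mutations and all function names are assumptions of this example.

```python
# Simplified ISO 15118-2 AC request order (assumption: optional messages such
# as ServiceDetail, PaymentDetails and MeteringReceipt are left out).
TRANSITIONS = {
    "START": ["SupportedAppProtocol"],
    "SupportedAppProtocol": ["SessionSetup"],
    "SessionSetup": ["ServiceDiscovery"],
    "ServiceDiscovery": ["PaymentServiceSelection"],
    "PaymentServiceSelection": ["Authorization"],
    "Authorization": ["Authorization", "ChargeParameterDiscovery"],
    "ChargeParameterDiscovery": ["ChargeParameterDiscovery", "PowerDelivery"],
    "PowerDelivery": ["ChargingStatus", "SessionStop"],
    "ChargingStatus": ["ChargingStatus", "PowerDelivery"],
    "SessionStop": [],
}

def valid_paths(max_len, state="START", prefix=()):
    """Yield each valid request sequence reaching SessionStop in <= max_len steps."""
    if state == "SessionStop":
        yield list(prefix)
    elif len(prefix) < max_len:
        for nxt in TRANSITIONS[state]:
            yield from valid_paths(max_len, nxt, prefix + (nxt,))

def first_violation(seq):
    """Index of the first message the reference machine disallows, else None."""
    state = "START"
    for i, msg in enumerate(seq):
        if msg not in TRANSITIONS.get(state, []):
            return i
        state = msg
    return None

def mutants(seq):
    """Yield (op, step, sequence) for every single drop, duplicate and adjacent swap."""
    for i in range(len(seq) - 1):
        yield "drop", i, seq[:i] + seq[i + 1:]
        yield "duplicate", i, seq[:i + 1] + seq[i:]
        yield "swap", i, seq[:i] + [seq[i + 1], seq[i]] + seq[i + 2:]

def build_cases(max_len=9):
    """Mutate every valid path; reject_at=None means the mutant is still valid."""
    return [{"op": op, "step": i, "seq": m, "reject_at": first_violation(m)}
            for path in valid_paths(max_len) for op, i, m in mutants(path)]
```

`reject_at` is the step at which a charger that enforces message ordering should refuse the sequence. Mutants with `reject_at` of `None` (a repeated Authorization or ChargeParameterDiscovery) are still valid traversals and exercise the loops rather than the ordering checks.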

Keywords

Internet of Things (IoT) security; risk assessment; data privacy; fuzzing test; electric vehicle charger security

Cite This Article

APA Style
Kim, Y., Shin, D., Euom, I. (2025). Comprehensive Black-Box Fuzzing of Electric Vehicle Charging Firmware via a Vehicle to Grid Network Protocol Based on State Machine Path. Computers, Materials & Continua, 84(2), 2217–2243. https://doi.org/10.32604/cmc.2025.063289
Vancouver Style
Kim Y, Shin D, Euom I. Comprehensive Black-Box Fuzzing of Electric Vehicle Charging Firmware via a Vehicle to Grid Network Protocol Based on State Machine Path. Comput Mater Contin. 2025;84(2):2217–2243. https://doi.org/10.32604/cmc.2025.063289
IEEE Style
Y. Kim, D. Shin, and I. Euom, “Comprehensive Black-Box Fuzzing of Electric Vehicle Charging Firmware via a Vehicle to Grid Network Protocol Based on State Machine Path,” Comput. Mater. Contin., vol. 84, no. 2, pp. 2217–2243, 2025. https://doi.org/10.32604/cmc.2025.063289



Copyright © 2025 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.