This study addresses the security posture of Combined Charging System (CCS) DC charging infrastructure, where real-world deployment practices of ISO 15118—and particularly its security mechanisms—remain poorly characterized. Method: We conduct the first large-scale empirical measurement campaign, systematically evaluating ISO 15118 protocol adoption, TLS enablement rates, SLAC signaling behavior, and key management practices across operational charging stations. Contribution/Results: We find that 84% of deployed chargers lack TLS, rendering them incompatible with ISO 15118-2022 security features; even newly installed units (as of December 2023) exhibit widespread non-compliance. Multiple standard violations and anomalous behaviors—including plaintext communication and exploitable SLAC handshakes—expose persistent man-in-the-middle risks. By integrating network scanning, protocol reverse engineering, TLS handshake analysis, and SLAC signaling observation, we uncover systemic lags in protocol evolution, cryptographic configuration, and PKI design. Our work provides the first empirically grounded benchmark for standard implementation and security governance.

The deployment of electric vehicle charging infrastructure is occurring at a rapid pace. Simultaneously, existing standards, such as ISO 15118, which defines critical charging communication, are being improved and further developed. In this paper, we conduct a measurement study of already deployed DC charging stations to analyze the current state of deployment for various protocols. We present the adoption of TLS, and various EV charging protocols with a direct security impact, as well as observations about the Signal Level Attenuation Characterization (SLAC) process, and encryption keys. Our results indicate that even recently installed charging stations (December 2023) do not adhere to the latest version of the standard, leaving them vulnerable to attacks. We found that 84% of the surveyed charging stations do not implement Transport Layer Security (TLS), and are thus unable to implement the latest versions of the ISO 15118 protocol, leaving them vulnerable to attacks already demonstrated years ago. Finally, we observe and document anomalous behavior and violations of the standard.