As an expert lab in embedded systems security evaluations and penetration testing, we support the automotive industry evaluating components and systems resiliance against state-of-the-art cybersecurity attacks, at a hardware, software, communications and cryptographic level.

New vehicles are increasingly made up of a network of IT components that communicate internally, using wired and wireless interfaces (CAN, LIN or Auto Ethernet), and externally, with telematic services, EV charging systems and intelligent driving systems. 

Automotive Tier 1 suppliers are responsible for developing most of the cybersecurity-critical components embedded in a car. OEMs require guarantees that adequate protections and countermeasures are in place to ensure product resilience against potential attackers. 

The automotive standards and regulations ecosystem for cybersecurity in vehicles and components is still under development. UNECE WP.29 is the only mandatory regulation in place, while OEMs have a myriad of sectoral standards and best practices available to set up the cybersecurity requirements passed by Tier 1s. 

In order to demonstrate components’ resilience against state-of-the-art attacks, OEMs and Tier 1 manufacturers can turn to specialized security laboratories to evaluate their products. 

Cybersecurity Evaluations for Automotive Components

Applus+ IT labs has a strong record of accomplishments evaluating embedded components’ security at a hardware, software, communications and cryptographic level. We have expertise with the complete OSI stack, from system boot to intersystem communications. This bird’s eye view allows us to assess complex systems with a high level of assurance. 

 

Threat Analysis and Risk Assessment (TARA)

  • Reviews of global, per-project and continuous cybersecurity management and activities for the concept, development and post development phases of the product life cycle, to reach the desired level of security guarantees
  • TARA projects can be done following specific automotive standards, such as ISO/SAE DIS 21434 and less sectorial frameworks such as ISO/IEC 62443, even with custom TARA systems (such as in-house requirements)

 

Security evaluations tailored to the customer need

We can tailor the evaluation effort in accordance to the desired level of assurance (basic, moderate and complete assurance). Evaluation targets ranges from single components (SoC, HSM, PCB), to devices (ECU, TCU, OBC) to systems and networks (3GPP, Bluetooth, CAN, 100-BaseT1)

  • Design Review, Source Code Review (SCR) and Vulnerability Analysis (VA)
  • Full-stack penetration testing to evaluate the attack resistance and resilience of the device
  • Custom evaluations for custom OEM/Tier conformance requisites

 

Security trainings and best practices (design and code)

Open cybersecurity trainings and courses aimed at roles like system engineers, cybersecurity managers or software architects. Some examples of our trainings:

  • State-of-the-art of secure coding principles and how they can be applied into day-to-day operations
  •  Automotive solutions from an attacker’s perspective and how the devices can be attacked, helping to identify ways to apply this knowledge to your product and make it more robust

 

Why choose Applus+ as a cybersecurity partner? 

  • High assurance security evaluation laboratory with experience in several sectors: automotive, payments, telecom, industrial, mobile...
  • State-of-the-art attack techniques and equipment to evaluate components and devices integrated in a vehicle, covering physical attacks, software attacks, and network & wireless attacks
  • Expertise to support the validation of a secure life cycle during product development
  • Footprint in Europe (2 cybersecurity labs in Spain) and Asia (1 functional lab in Shanghai) 
  • Capability to cover several standards and regulations related to cybersecurity in the automotive sector

Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). Click HERE for more information. You can accept all cookies by pressing the "Accept" button or configure or reject their use by clicking here.

Cookie settings panel