Security Validation and Vulnerability Testing for Automotive Software

As vehicles continue to evolve into sophisticated, software-driven machines, automotive cybersecurity has become as critical as a car’s physical safety. Modern vehicles rely on millions of lines of code that must not only work seamlessly but also remain resilient to potential cyberattacks. Regulations and industry standards require manufacturers to safeguard their systems against these threats. Two fundamental processes in achieving this are security validation and vulnerability testing. While both aim to ensure software security, they take distinct approaches to achieve it. Let’s dive into their roles, differences, and why they’re indispensable for automotive cybersecurity.

Security Validation

At its core, security validation is about ensuring that a system meets predefined security requirements and functions as expected under normal conditions. Think of it as a quality assurance process that confirms security measures are implemented correctly and comply with industry standards like UN R155/156 or ISO/SAE 21434.

For instance, security validation could involve verifying that Over-the-Air (OTA) update mechanisms comply with UN R156 requirements or ensuring that each ECU component is secure under different real-world conditions.

Manufacturers employ various testing methods to perform security validation, including but not limited to:

  • Functional Testing, which ensures key features like encryption and authentication work correctly under normal use cases.
  • Fuzz Testing, which introduces random or unexpected inputs to assess system stability and expose hidden vulnerabilities.
  • Penetration Testing, which simulates attack scenarios to test the system’s ability to defend against real-world threats.

The primary goal of security validation is to provide confidence and documented proof that all cybersecurity measures are not only in place but also operating effectively according to regulatory standards.

Vulnerability Testing

While security validation checks compliance, vulnerability testing takes a broader approach, exploring potential weaknesses or flaws that attackers might exploit. This process identifies vulnerabilities—both known and unforeseen—through rigorous probing and stress testing. Given that vehicle software is constantly evolving, vulnerability testing must be an ongoing process to mitigate risks proactively.

Common techniques include:

  • Fuzz Testing for Vulnerability Detection, which detects weaknesses by feeding unexpected or malformed data into the system.
  • Network and Protocol Testing, which analyzes communication protocols such as CAN, LIN, and Ethernet for exploitable flaws like injection vulnerabilities.
  • Hardware Security Testing, which examines hardware-software interactions, such as the extraction of firmware from electronic control units (ECUs), for potential vulnerabilities.

Unlike security validation, which confirms what is known, vulnerability testing ventures into the unknown, uncovering potential attack vectors that may not have been anticipated during the development process.

Key Differences Between Security Validation and Vulnerability Testing

[Figure: Security Validation and Vulnerability Testing Differences]

By combining these two processes, manufacturers can build automotive systems that are not only compliant but also resilient to cyber threats.

As the automotive industry moves toward greater connectivity, the stakes for cybersecurity are higher than ever. Security validation ensures that systems meet regulatory standards, while vulnerability testing helps uncover hidden risks before malicious actors can exploit them. Together, they form a comprehensive approach to protecting vehicle systems from cyber threats.

For instance, validating the proper encryption of V2X communication provides compliance, but only through vulnerability testing can potential flaws in cryptographic implementation be identified. By integrating both practices into the development lifecycle, manufacturers can ensure their systems are secure and future-ready.


Cybersecurity in modern vehicles is no longer an optional feature—it’s a foundational requirement. Security validation and vulnerability testing are two sides of the same coin, each addressing distinct yet complementary aspects of the security landscape. When combined, they provide the robust framework needed to protect vehicles from both known and emerging cyber threats.

For manufacturers, embracing these processes is not just about meeting regulatory requirements—it’s about staying ahead in an industry where safety, innovation, and trust go hand in hand.

EDR and DSSAD: A Look at Vehicle Accident Analysis Tools

In this age of autonomous driving technology, whenever there is an accident, attention turns to data from vehicle data recorders like the Event Data Recorder (EDR) or Data Storage System for Automated Driving (DSSAD) to uncover the cause. In today’s blog, we’ll take a closer look at the functions of the EDR and DSSAD, their differences, and their significance for accident analysis in the new era of autonomous driving.

It has become easier than ever to obtain recordings of vehicle accidents. With the combination of vehicle dashcams and nearby CCTV footage, determining the cause or perpetrator of an accident has become much more manageable than before. However, it can still be challenging to ascertain the root cause of an accident solely through video footage.

One particular type of accident that is difficult to analyze is the case of a sudden unintended acceleration (SUA). While the number of reported incidents has been decreasing this past decade, SUA accidents remain a frequent and often controversial topic of discussion. These types of accidents can be challenging to evaluate solely through video footage analysis, and this is where additional devices and data become necessary.

EDR

The Event Data Recorder or EDR is a type of data recording device that is embedded into a vehicle’s Airbag Control Unit (ACU) or the engine’s Electronic Control Unit (ECU). When a collision or a sudden incident occurs while the vehicle is in motion, the EDR records data related to vehicle operations for a specific period of time.

In many countries, there are stringent regulations on what the EDR is required to record. For example, in the United States, the National Highway Traffic Safety Administration (NHTSA) specifies requirements for EDRs under 49 CFR (Code of Federal Regulations) Part 563.

Source: 49 CFR Part 563: Event Data Recorders, published by the National Highway Traffic Safety Administration (NHTSA)

The EDR records critical vehicle data as listed above. In the case of an incident, vehicle owners can provide this information to authorities for accident analysis. The EDR plays a vital role in understanding accident dynamics and improving vehicle safety standards as a whole. The EDR is so vital, in fact, that in 2022 the NHTSA proposed to extend the EDR recording period from five seconds to 20 seconds.

This realization of the importance of EDRs is not limited to the United States. In 2021, the UNECE’s WP.29 (The World Forum for Harmonization of Vehicle Regulations) put into force UN R160, a regulation establishing provisions concerning vehicles and EDRs. R160 defines certain data collection and implementation requirements for EDRs. Following this, in 2022, the European Union approved a new act that requires the installation of an EDR in all motor vehicles in M and N categories (passenger vehicles and trucks). The regulation went into force in July of 2024 for all new vehicles.

DSSAD 

The Data Storage System for Automated Driving (DSSAD) is a device designed to record and store data during autonomous driving sequences. It records and stores data on significant events related to autonomous driving, such as system activation, partial autonomous system failure, or minimal risk maneuvers. This data can then be used to address accidents and regulatory issues related to autonomous vehicles.

While DSSADs are only mandated in a handful of countries, their implementation is subject to certain regulatory measures for compliance. For instance, UNECE’s UN R157, which covers automated lane-keeping systems (ALKS), mandates DSSAD for vehicles equipped with ALKS in order to monitor status changes in the autonomous driving system (ADS).

Comparison of EDR and DSSAD

[Figure: Comparison of DSSAD and EDR data recording for accident analysis]

While there are similarities between EDR and DSSAD, there are core differences between the two.

  • The EDR is primarily designed for investigation of conventional vehicles, while the DSSAD is specifically developed for autonomous and semi-autonomous vehicles.
  • The EDR stores and provides data related to accidents just before they occur, while the DSSAD will store autonomous driving-related data for a relatively long period.
  • EDR data is only stored temporarily, and is not typically retained unless a crash occurs, while the DSSAD data is retained for a longer timeframe (typically around six months), or up to a certain number of recorded events to ensure comprehensive documentation.

Despite the differences, the two complement each other in analyzing accidents and clarifying liabilities regarding an incident. A vehicle’s dashcam has limitations, so the EDR can be crucial for accident analysis. Regulations regarding DSSAD in autonomous vehicles can also clarify responsibility between driver(s) and the vehicle.

In today’s era of autonomous driving technology, both the Event Data Recorder (EDR) and the Data Storage System for Automated Driving (DSSAD) are gaining significant attention due to growing concerns about liability in the event of accidents. However, this also brings forth the issue of cybersecurity. Maintaining data integrity is essential, as both the EDR and DSSAD store and retrieve data that could influence accident investigations. Tampering with this data could not only hinder accurate accident analysis but also allow liability to be shifted onto the wrong party. Security measures such as data anonymization and encryption are vital for protecting sensitive information stored by the EDR and DSSAD, as well as safeguarding personal data, location information, and driving records.

EDR and DSSAD are vital tools for transparency and accountability in autonomous vehicles, but their effectiveness hinges on comprehensive cybersecurity. By implementing robust protections against data tampering and unauthorized access, these recording technologies can serve their intended purpose: helping investigators understand complex accidents, advancing autonomous driving technology, and building public trust. The path to widespread adoption requires both sophisticated data collection and unwavering security measures.

Navigating the evolving mobility landscape is complex, but cybersecurity will play a key role in building trust among manufacturers, consumers, and legislators, ultimately paving the way for a secure future.



Smart Automotive Fuzzing: Tools & Techniques to Speed Up Testing

Securing complex automotive systems from cybersecurity threats has become essential as connected and autonomous vehicles proliferate. The shift in the industry is mirrored by regulatory bodies enforcing cybersecurity measures across the board. As the standards for cybersecurity grow, fuzz testing has emerged as a powerful tool that helps manufacturers meet cybersecurity demands.

Traditional fuzz testing methods are often labor-intensive and struggle to keep pace with modern vehicles’ intricate software structures. Fortunately, cybersecurity testing technology has evolved in recent years. Advanced fuzzing techniques, like smart and automated fuzzing, are transforming automotive cybersecurity testing—reducing time-to-market, enhancing system resilience and overall vehicle safety, all while helping achieve regulatory compliance. This article will discuss the latest tools and technologies enabling smart automotive fuzz testing.

Overview of Fuzzing in Automotive Systems

As vehicles become more software-driven, their internal structures, consisting of millions of lines of code, are becoming exponentially more complex. That is why fuzz testing is essential for the cybersecurity evaluation of automotive systems.

Fuzz testing, or fuzzing, is a cybersecurity technique where random or unexpected data is injected into a program to discover bugs, code discrepancies, and hidden vulnerabilities. Fuzzing helps uncover zero-day vulnerabilities that traditional testing methods may miss.

Challenges of Traditional Automotive Fuzz Testing

Despite its importance, traditional fuzz testing faces several challenges in the automotive sector.

Modern software-defined vehicles contain numerous interconnected systems, such as CAN, LIN, and Ethernet networks, that communicate with various sensors and external devices. This complexity makes it difficult to comprehensively assess the resilience of all vehicle components using a traditional fuzz test, resulting in incomplete coverage of potential vulnerabilities.

In addition, traditional fuzz testing often requires a manual process of inputting random data and observing system responses. This time-intensive approach requires round-the-clock labor and can delay development timelines, especially when testing complex systems where the number of test cases increases exponentially.

Smart Automotive Fuzzing: A Game Changer

Fortunately, vehicle cyber security testing tools have progressed with time and now incorporate advanced features like smart fuzzing. Smart automotive fuzzing is an innovative approach that leverages artificial intelligence (AI) and machine learning (ML) to make fuzz testing more efficient. This type of advanced testing uses data-driven methods to generate more targeted inputs, mixing and inputting test cases generated by multiple algorithms. This significantly improves test coverage while reducing the time required for testing.

AI-driven fuzzing tools use feedback mechanisms to learn from previous test iterations, adapting them to focus on high-risk areas of the system. For example, smart fuzzers record the outputs from previously conducted fuzz tests and use these results for subsequent rounds of test case generation. This ensures a more comprehensive assessment of critical vulnerabilities.

For instance, AutoCrypt Security Fuzzer uses a logical test case modeler to generate logic-based semi-random inputs tailored to the system being tested. The tool automates the creation of test cases based on the protocols and specifications of the target system. This ensures that only relevant test cases are generated, drastically reducing the need for manual intervention and saving valuable time. Employing an advanced judgment logic, the testing tool continuously monitors the vehicle system to detect failed cases.

Automatic ECU Status Recovery

One of the most time-consuming aspects of traditional fuzz testing is the need for manual system recovery after a failure or crash. Smart automotive fuzzing tools address this with automatic ECU status recovery, which allows for continuous system fuzzing.

Besides saving time, this feature helps minimize manual work during vulnerability testing, which consequently reduces operating expenses for manufacturers. Once a test target is selected, there is no need for manual input until fuzzing is complete. If a vulnerability or bug is detected, the system automatically records the issue and resets back to the original ECU status, continuing the fuzz testing process. For instance, the AutoCrypt Security Fuzzer automatically issues commands like “ECU reset” or “DTC clear” to restore the system to its original state.
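The feedback loop and automatic recovery described in the two sections above can be sketched as follows. This is an added example, not AutoCrypt Security Fuzzer code: `SimulatedEcu` is a constructed in-process target with a deliberately planted defect, and the mutation and feedback strategies are assumptions chosen for brevity. The service identifiers and response codes are the standard UDS ones.

```python
import random

# Standard UDS (ISO 14229) service identifiers.
SID_ECU_RESET, SID_CLEAR_DTC, SID_READ_DID = 0x11, 0x14, 0x22
NEGATIVE_RESPONSE = 0x7F
# Seed requests: read the VIN data identifier (0xF190) and a hard reset.
SEEDS = [bytes([SID_READ_DID, 0xF1, 0x90]), bytes([SID_ECU_RESET, 0x01])]


class SimulatedEcu:
    """Constructed stand-in for an ECU diagnostic server (not a real target).

    Planted defect: ReadDataByIdentifier with an odd number (>= 3) of
    identifier bytes wedges the server and stores a DTC until it is reset.
    """

    def __init__(self):
        self.hung = False
        self.dtc_count = 0

    def request(self, frame):
        """Return the response bytes, or None when no answer arrives."""
        sid = frame[0]
        if sid == SID_ECU_RESET:              # the simulated reset always works
            self.hung = False
            return bytes([sid + 0x40]) + frame[1:2]
        if self.hung:
            return None
        if sid == SID_CLEAR_DTC:
            self.dtc_count = 0
            return bytes([sid + 0x40])
        if sid == SID_READ_DID:
            ids = frame[1:]
            if len(ids) >= 3 and len(ids) % 2 == 1:   # planted defect
                self.hung, self.dtc_count = True, self.dtc_count + 1
                return None
            if len(ids) < 2:                  # NRC 0x13: incorrect length
                return bytes([NEGATIVE_RESPONSE, sid, 0x13])
            return bytes([sid + 0x40]) + ids
        return bytes([NEGATIVE_RESPONSE, sid, 0x11])  # NRC 0x11: not supported


def mutate(rng, frame):
    """Apply one random mutation; the frame never becomes empty."""
    data = bytearray(frame)
    choice = rng.randrange(3)
    if choice == 0:                           # overwrite one byte
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif choice == 1:                         # grow the frame (length fuzzing)
        data.append(rng.randrange(256))
    elif len(data) > 1:                       # shrink the frame
        data.pop()
    return bytes(data)


def signature(response):
    """Coarse response class used as feedback: NRC, or positive SID + length."""
    if response[0] == NEGATIVE_RESPONSE:
        return ("nrc", response[2])
    return (response[0], len(response))


def recover(ecu):
    """Restore the original state: ECU reset, DTC clear, then a health check."""
    ecu.request(bytes([SID_ECU_RESET, 0x01]))
    ecu.request(bytes([SID_CLEAR_DTC, 0xFF, 0xFF, 0xFF]))
    if ecu.request(SEEDS[0]) is None:
        raise RuntimeError("ECU did not recover; stop and inspect manually")


def fuzz(ecu, seeds, iterations=500, seed=1):
    """Run the loop unattended and return the distinct failing test cases."""
    rng = random.Random(seed)                 # fixed seed: reproducible run
    corpus, seen, findings = list(seeds), set(), set()
    for _ in range(iterations):
        case = mutate(rng, rng.choice(corpus))
        response = ecu.request(case)
        if response is None:                  # judgment logic: no answer = failure
            findings.add(case)                # record the issue ...
            recover(ecu)                      # ... and continue without manual work
        elif signature(response) not in seen: # feedback: keep cases that produced
            seen.add(signature(response))     # a response class not seen before
            corpus.append(case)
    return sorted(findings)


if __name__ == "__main__":
    for case in fuzz(SimulatedEcu(), SEEDS):
        print("failed case:", case.hex(" "))
```
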

Impact on Cybersecurity Testing and Regulatory Compliance

Employing smart automotive fuzzing tools accelerates and automates vehicle testing while maintaining thorough coverage of all components and ensuring comprehensive cyber security testing for regulatory compliance.

The ISO/SAE 21434 standard, for example, emphasizes the need for OEMs to integrate fuzz testing into their DevOps processes to ensure vehicle software security integrity. By automating fuzz testing, manufacturers can cover a wider range of potential vulnerabilities and comprehensively test the system against threats with minimal downtime.

While the UN R155 regulation does not specifically mandate vehicle fuzz testing, it emphasizes the importance of ensuring robust cybersecurity measures across vehicle software and embedded systems by requiring an automotive cybersecurity management system (CSMS).

To meet these requirements, OEMs and their suppliers must show that they have implemented rigorous risk assessment methods for uncovering vulnerabilities, which often includes fuzz testing as a practical approach. By using fuzz testing to stress-test vehicle components and communication protocols, manufacturers can better demonstrate that they have mitigated potential security risks in line with UN R155 guidelines.

Automated fuzzing provides a robust feedback mechanism that allows engineers to detect and address security gaps early in the development cycle. By doing so, manufacturers can improve vehicle safety while reducing the overall cost and complexity of software development.


Smart and automated fuzzing tools are revolutionizing the way manufacturers test and secure vehicle systems, making the process faster and more efficient. With innovations like AI-driven fuzzing and automatic ECU recovery, smart fuzz testing helps close security gaps while speeding up time-to-market.

Incorporating smart automotive fuzz testing into the development pipeline not only improves security but also ensures compliance with emerging regulations, making it a critical tool for the future of automotive cybersecurity. By embracing these advanced techniques, manufacturers can protect their vehicles—and their customers—against evolving cyber threats.


Misbehavior Detection for the V2X Communication Ecosystem

The Vehicle-to-Everything (V2X) ecosystem runs on a secure, decentralized certification system utilizing public key infrastructure (PKI) technology. Standardized as the Security Credential Management System (SCMS), the system ensures that every V2X end entity is given a unique set of digital certificates, generated and distributed by multiple layers of independent certification authorities (CA). These V2X end entities, including the onboard units (OBU) installed in vehicles and the roadside units (RSU) connected to points of road infrastructure, use their private keys to sign messages that are accompanied by their certificates.

Such a PKI framework ensures trust in V2X communication by validating messages’ authenticity and integrity. “Authenticity” implies that the message’s sender is truly who they claim to be, while “integrity” signifies that the message has not been altered during transmission.


Message accuracy: the limitation of PKI

Although the PKI guarantees end-to-end security for all V2X communications, it does not exert control beyond the communication endpoints. Due to this limitation, the PKI is not capable of validating the content of messages, such as whether a message contains accurate information about the vehicle and its environment. For instance, if a car is broadcasting a V2X message stating that it is traveling at 60 km/h while it is in fact traveling at 80 km/h, detecting this discrepancy is beyond the PKI’s capability. Given that vehicles rely on these V2X messages to make decisions on the road, it is crucial to ensure that all information is accurate.

There are a couple of potential reasons behind an inaccurate V2X message. The first involves a hacked vehicle. A malicious road user might hack into their vehicle to purposefully create false or misleading messages in order to cause changes in traffic in their favor. An external hacker could also do so to manipulate traffic. Although hacking into a vehicle is extremely difficult to accomplish given the sophisticated security measures, it does pose a potential risk to the V2X ecosystem.

Another factor that could lead to an inaccurate message is that a vehicle’s internal systems might be experiencing a malfunction that results in incorrect signals given to its OBU. Although no malicious actions are involved, it is still considered misbehavior and poses a threat to its surrounding environment.


The need for misbehavior detection for V2X

To minimize the risk of false messages, a misbehavior detection mechanism needs to be implemented in the SCMS ecosystem so that potentially malicious users can be removed from the V2X ecosystem immediately.

How is this done? AUTOCRYPT’s misbehavior detection solution, AutoCrypt® MBD, is deployed in both the end entity and the PKI server. The LMBD (local MBD) is embedded in the OBUs, screening all incoming messages for anomalies. The GMBD (global MBD), situated in the SCMS server, receives the list of flagged certificates from the LMBD, allowing the misbehavior authority (MA) to review and revoke the respective certificates. Once a certificate is revoked, it is added to the certificate revocation list (CRL) and distributed back to the LMBD so that the certificate is no longer recognized in the V2X ecosystem.



Although there has been no universal standard or agreement on what constitutes misbehavior, some common signs of misbehavior include:

  • Attempting to use expired or invalid certificates
  • Mismatched signature (private key)
  • Unintelligible data (time, location, speed, et cetera)

AutoCrypt® MBD periodically updates its list of misbehaviors to address the latest threats, adding a final layer of security for the V2X ecosystem.
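The kind of screening a local detector performs on incoming messages can be sketched as below, including the 60 km/h versus 80 km/h case from earlier in this article. This is an added example, not AutoCrypt® MBD code: the `V2xMessage` fields, the thresholds and the sample traffic are all constructed for illustration, and signature verification is assumed to have happened upstream.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0


@dataclass
class V2xMessage:
    """Hypothetical, simplified message; not a real BSM/CAM encoding."""
    cert_id: str           # identifier of the signing certificate
    cert_not_after: float  # certificate expiry (seconds since epoch)
    signature_ok: bool     # outcome of signature verification done upstream
    timestamp: float       # generation time claimed by the sender
    lat: float
    lon: float
    speed_kmh: float


def distance_m(a, b):
    """Great-circle (haversine) distance between two messages' positions."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dp, dl = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


class LocalMisbehaviorDetector:
    # Thresholds are assumptions chosen for this example.
    MAX_SPEED_KMH = 300.0
    MAX_CLOCK_SKEW_S = 2.0
    SPEED_TOLERANCE_KMH = 15.0

    def __init__(self, crl=()):
        self.crl = set(crl)   # revoked certificate ids received from the server
        self.last = {}        # cert_id -> last message that passed every check
        self.flagged = {}     # cert_id -> reasons, to be reported upstream

    def check(self, msg, now):
        """Return the anomalies found in msg (an empty list means accepted)."""
        reasons = []
        if msg.cert_id in self.crl:
            reasons.append("certificate revoked")
        if msg.cert_not_after < now:
            reasons.append("certificate expired")
        if not msg.signature_ok:
            reasons.append("signature mismatch")
        if abs(now - msg.timestamp) > self.MAX_CLOCK_SKEW_S:
            reasons.append("implausible timestamp")
        if not (-90 <= msg.lat <= 90 and -180 <= msg.lon <= 180):
            reasons.append("implausible location")
        if not 0 <= msg.speed_kmh <= self.MAX_SPEED_KMH:
            reasons.append("implausible speed")
        # Content check the PKI cannot do: does the claimed speed match the
        # distance covered since the sender's previous accepted message?
        prev = self.last.get(msg.cert_id)
        if prev is not None and not reasons and msg.timestamp > prev.timestamp:
            implied = distance_m(prev, msg) / (msg.timestamp - prev.timestamp) * 3.6
            if abs(implied - msg.speed_kmh) > self.SPEED_TOLERANCE_KMH:
                reasons.append("speed inconsistent with movement")
        if reasons:
            self.flagged.setdefault(msg.cert_id, []).extend(reasons)
        else:
            self.last[msg.cert_id] = msg
        return reasons


def run_sample():
    """Constructed sample traffic as (message, receiver clock) pairs."""
    far = 10_000.0  # expiry well in the future
    sample = [
        (V2xMessage("cert-A", far, True, 100.0, 37.0000, 127.0, 80.0), 100.0),
        (V2xMessage("cert-A", far, True, 101.0, 37.0002, 127.0, 80.0), 101.0),
        (V2xMessage("cert-B", far, True, 100.0, 37.0000, 127.0, 60.0), 100.0),
        # cert-B covered about 22 m in 1 s (about 80 km/h) but claims 60 km/h.
        (V2xMessage("cert-B", far, True, 101.0, 37.0002, 127.0, 60.0), 101.0),
        (V2xMessage("cert-C", far, True, 101.0, 37.0, 127.0, 50.0), 101.0),
        (V2xMessage("cert-D", 50.0, False, 101.0, 37.0, 127.0, 50.0), 101.0),
        (V2xMessage("cert-E", far, True, 101.0, 137.0, 127.0, 900.0), 101.0),
    ]
    detector = LocalMisbehaviorDetector(crl={"cert-C"})
    return detector, [detector.check(msg, now) for msg, now in sample]


if __name__ == "__main__":
    detector, _ = run_sample()
    for cert_id, reasons in sorted(detector.flagged.items()):
        print(cert_id, "->", ", ".join(reasons))
```

The `flagged` dictionary corresponds to the list of flagged certificates that the local detector passes upstream for review.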


EV Charging: Balancing Battery Health, Charging Time, and Range

Electrify America, one of the largest charge point operators in the US, recently announced a new electric vehicle (EV) charging policy to curb charge hogging. The company stated that they will start penalizing customers who charge their vehicles beyond 85% at Electrify America fast chargers. According to the CEO’s statement, charging will stop at 85 percent, and if drivers don’t unplug their EVs within a 10-minute grace period, they’ll be billed extra for idle time. 

The response to the new policy has been divergent, with some arguing that the policy will help resolve crowding at charging stations, and others questioning whether it is okay for a company to ration battery power. Regardless of the public perception of the news, we would like to discuss some charging best practices outlined for EV owners.  

The 20/80 rule  

The general rule of thumb for EV charging is to keep the vehicle’s energy levels in the 20-80% range. While this is not a strict requirement, there are several reasons why this range has become standard practice: 

EV Battery Health 

Keeping the vehicle energy levels in the 20-80 percent range is considered the most optimal for battery health. This is a safe range that ensures that the battery operates in balanced conditions. Going beyond this range may put extra strain on the EV battery, which is fine occasionally, but has negative effects on battery performance if done consistently.  

Charging Time Efficiency 

Realistically speaking, charging up from 80% to 100% will take around the same time, if not more, than getting to that first 80% mark. This is because the rate at which an EV battery charges is not uniform: charging speed slows down significantly as you pass the 80% threshold. So, charging until 80% is simply more time-efficient.

Range 

While there aren’t any immediate performance issues associated with charging over 80%, dipping below 20% may not be wise in a practical sense. Imagine you are driving to a destination with 45% of your battery capacity. Navigation says you will need about 35% of your battery to get to your destination. But navigation calculations may not always be correct, sometimes underestimating the amount of energy needed to make it from point A to point B, especially because energy consumption also depends on driving and weather conditions. So, to avoid range anxiety it is often recommended to keep vehicle battery levels above 20%. Once again, occasional deviations are totally fine.  

While widespread, the 20/80 rule is a rule of thumb. Therefore, it is always advised to follow the guidelines of your respective vehicle manufacturer regarding charging best practices. After all, different vehicles function differently and the manufacturers that created the vehicle will indeed know best.  

Going beyond the recommended battery level range on occasion should not alter battery performance. So, if you have a long road trip planned do not fret about fully charging your battery. EV batteries are sophisticated pieces of hardware designed to withstand various conditions. However, be aware that subjecting the battery to constant strain by frequently keeping energy levels above 80 or below 20 may speed up the battery wear and tear process, which means that you may need a repair or a replacement earlier than anticipated. 


All in all, electric vehicles and their batteries need to be treated with appropriate care to ensure longevity and optimal performance.  


Enhancing Public Charging Stations with Plug & Charge

ISO 15118 – a seemingly obscure collection of letters and numbers – signifies one of the most progressive standards in electric vehicle (EV) charging. The ISO 15118 standard, formally known as “Road Vehicles – Vehicle to Grid Communication Interface,” establishes the communication protocol between a vehicle and the charging grid. This standard laid down the foundation for Plug & Charge (PnC), a feature that establishes encrypted communication between an EV and a charging station.

While the technology has not been mandated by any government yet, many prominent charge point operators (CPO) and vehicle manufacturers are implementing it. This article will dive into how implementing Plug & Charge would elevate public charging stations to the next level, offering numerous benefits and opportunities for the industry.

Plug & Charge and Cybersecurity

With Plug & Charge the often multi-step charging process becomes as simple as plugging in your EV to the charger. The ISO 15118 protocol enables a seamless charging process where a charger can automatically identify and verify a plugged-in vehicle, authenticating the charging process and processing the payment without human intervention.

This technology requires a high level of communication between vehicles and infrastructure, which may raise concerns about security. It is important to note that Plug & Charge was designed with cybersecurity at its core. The technology uses public key infrastructure (PKI) based cryptographic mechanisms to enable two-way authentication and end-to-end encryption during the charging process. By using asymmetric cryptography – a pairing of a public key and a private key, in which a signature created with the private key can only be verified with the matching public key – the charging station is able to verify an EV’s identity and vice versa. This level of encryption guarantees confidentiality in every exchange, creating a secure environment for EV drivers to charge their vehicles without worrying about cyber attacks or data breaches.

Improved User Experience

Plug & Charge significantly improves user experience by making the entire charging process seamless. EV owners set up their payment and authentication information during vehicle purchase and this information is automatically communicated to the charger when the car is plugged in.

In the modern world, where hassle-free is king, public charging stations can generate a lot of value by implementing the technology. Considering how charging is one of the biggest obstacles to EV adoption rates, improving charging experience is one of the sure ways to aid adoption.

According to a survey conducted by BCG, EV drivers ranked charger reliability, charging time, and ease of use among their top priorities when charging in public. Charging stations that implement Plug & Charge to enhance performance on these metrics will improve their competitiveness, simultaneously raising the overall standard for public charging user experience.

Path Toward V2G Implementation

Apart from instant benefits, implementing Plug & Charge creates a foundation for further technological improvements. Most importantly, it paves the way for Vehicle-to-Grid (V2G) implementation. ISO 15118 is designed for vehicle-to-grid communications and grid optimization. Integrating Plug & Charge in public charging stations will equip the infrastructure with the necessary technology for smart charging applications.

Why is this important? The smart charging mechanism in ISO 15118 allows for sustainable management of energy supplied through the grid. It does that by matching the grid’s capacity with the energy demand of electric vehicles plugged in to the grid. This optimization allows vehicles to charge during periods of high energy availability or when overall electricity usage is low, reducing strain on the electricity grid and promoting sustainable energy usage. The benefits of this technology will only grow as EV adoption rates rise with time.

Another feature outlined in ISO 15118 is bi-directional charging, which allows vehicles to receive and supply energy from and back to the grid. This benefits both the grid and EV owners. On the grid side, electric vehicles can serve as mobile energy storage units that supply electricity back to the grid during periods of high demand. On the customer-side, it offers EV owners a chance to earn extra cash or energy credits by selling electricity back to the grid. Bi-directional charging creates a symbiotic relationship between the electricity grid and electric vehicles, helping maintain balance and energy efficiency.


Implementing Plug & Charge in public charging stations presents a significant opportunity to enhance the EV charging experience. A high level of cybersecurity, a seamless charging process, and readiness for V2G integration make Plug & Charge a valuable investment.

As a trusted PnC implementation partner, Autocrypt worked closely with various CPOs and OEMs to deploy secure PnC. Recently, Autocrypt joined forces with Emobi, a US-based e-mobility hub, to launch the first US-based PnC ecosystem.

As the demand for EVs continues to grow, the adoption of standards like ISO 15118 and features like Plug & Charge will be crucial in supporting the sustainable and efficient expansion of EV infrastructure.
