Callisto Technology

AutoSec Lab Vehicle Security Testing Laboratory Solution

A laboratory construction solution for vehicle cybersecurity, OTA software updates, and automotive data security compliance. Covering standard test cases, testing tools, management platform, evidence archiving, risk rating, and remediation retesting, helping OEMs and testing institutions build executable, auditable, and reusable vehicle security testing capabilities.

AutoSec Lab

标准库 + 用例库 + 工具链

测试管理平台 + 证据中心

整改闭环 + 复测验收

GB 44495 / GB 44496

UN R155 / UN R156

9 大测试能力域

Why a Vehicle Security Testing Laboratory?

Automotive cybersecurity has evolved from a "compliance item" to a "market access threshold." GB 44495, GB 44496, UN R155, and UN R156 require OEMs to maintain auditable testing capabilities. Scattered tools, ad-hoc testing processes, and missing evidence chains cannot support production compliance and export certification.

Mandatory Regulatory Access

GB 44495 and GB 44496 will be progressively enforced from 2026. UN R155/R156 are already prerequisites for market access in Europe, Japan, and South Korea. Without systematic testing capabilities, vehicle models cannot be launched.

Traceable Test Evidence

Regulatory audits and type approval require reproducible testing, archived evidence, and closed-loop defect management. Ad-hoc testing cannot produce deliverable compliance evidence packages.

Multi-Domain Integration

Vehicle security spans in-vehicle networks, wireless, mobile apps, firmware/hardware, OTA, and data security. No single team can cover all domains without a unified orchestration platform.

Export Certification Differentiation

Different target markets (EU, Middle East, Southeast Asia) have varying regulatory requirements. A standard clause mapping matrix and reusable test case library avoid redundant construction.

Production Iteration Retesting

OTA updates and model year iterations require continuous regression testing. One-time outsourced testing cannot support full lifecycle compliance.

Supply Chain Security Control

ECUs, gateways, and T-BOXes from Tier1s require security acceptance testing before integration. Labs need both component-level and system-level verification capabilities.

What is AutoSec Lab?

AutoSec Lab is Callisto's vehicle cybersecurity testing laboratory construction solution for OEMs, testing and certification institutions, automotive security labs, and R&D validation centers. Built on "standards library + test case library + tool chain + testing management platform + evidence center + remediation closure," it covers nine capability domains including vehicle cybersecurity, OTA software updates, automotive data security, in-vehicle networks, wireless communications, mobile, firmware, hardware, and penetration testing, supporting GB 44495, GB 44496, GB/T 44464, GB/T 40855/40856/40857, UN R155, and UN R156 compliance testing, evidence management, and remediation closure.

Standards Library

8+ regulation clause mapping

Test Case Library

300+ executable test cases

Tool Chain

7 specialized testing tools

Management Platform

Unified scheduling & archiving

Evidence Center

Logs/screenshots/captures/video

Remediation Closure

Defect tracking to retest

Covered Standards & Regulations

Built-in standard clause mapping matrix automatically links test cases to regulatory clauses, generating auditable compliance coverage reports

GB 44495—2024

Technical Requirements for Vehicle Cybersecurity

Vehicle network security, external connections, data security, software updates

GB 44496—2024

General Technical Requirements for Vehicle Software Updates

OTA update process, version management, rollback protection, user notification

GB/T 44464—2024

General Requirements for Vehicle Data

Data classification, personal information protection, cross-border compliance

GB/T 40855—2021

EV Remote Service & Management System Cybersecurity Technical Requirements

RSU/T-BOX data transmission, remote interaction security

GB/T 40856—2021

In-Vehicle Information Interaction System Cybersecurity Technical Requirements

IVI communication, external interfaces, application security

GB/T 40857—2021

Vehicle Gateway Cybersecurity Technical Requirements

Gateway routing, protocol isolation, access control

UN R155

UN Regulation No. 155 - Cybersecurity Management

CSMS framework, threat identification, risk assessment, monitoring response

UN R156

UN Regulation No. 156 - Software Update Management

SUMS framework, RXSWIN, update integrity, configuration management

Overall Capability Architecture

Unified orchestration by management platform, parallel multi-domain tool integration, test case library driven execution, unified evidence center archiving

Governance Layer

Laboratory knowledge assets and control foundation

Standards Library
Test Case Library
Asset Library
Risk Library
Defect Library
Report Templates
Test Object Layer

Full-stack test objects from vehicle to component

Vehicle
Bench
ECU
Gateway
T-BOX
IVI
APP
OTA Platform
Backend Services
Specialized Testing Layer

Seven specialized testing capabilities integrated in parallel

In-Vehicle Network Testing
Wireless Entry Testing
Mobile Testing
Firmware & Hardware Testing
OTA Compliance Testing
Data Security Testing
Penetration Testing
Evidence & Operations Layer

Test execution, evidence archiving, and closure management

Test Plan
Case Scheduling
Raw Logs
Screenshots/Captures/Video Evidence
Defect Closure
Remediation Retest
Compliance Reports

Nine Testing Capability Domains

From asset identification to attack verification, covering the full chain of vehicle cybersecurity testing capabilities

01

Vehicle Cybersecurity Asset Identification

Catalog hardware assets, software components, network interfaces, communication links, and external connection entries to establish a maintainable asset inventory and attack surface map.

  • Hardware asset inventory (ECU/Gateway/T-BOX/IVI)

  • Software components & SBOM

  • Network interfaces & protocol inventory

  • External connection entry profiling

02

Attack Surface Enumeration

Based on asset inventory, identify all exploitable attack entries including physical interfaces, short-range communication, remote communication, and backend interfaces.

  • Physical interfaces (OBD/USB/Debug)

  • Short-range (Bluetooth/NFC/UWB)

  • Remote (4G/5G/Wi-Fi)

  • Backend APIs & cloud services

03

Authentication & Access Control

Verify that authentication mechanisms, permission control policies, and session management across vehicle components meet regulatory requirements.

  • ECU diagnostic auth (UDS SecAccess)

  • OTA package signature verification

  • Backend account & permission model

  • Mobile login & session security

04

Communication Confidentiality & Integrity

Test whether encryption and integrity protection for communications between vehicle/cloud and inter-vehicle components are sufficient.

  • TLS configuration & certificate validation

  • In-vehicle bus message integrity

  • OTA channel encryption

  • V2X message signature verification

05

In-Vehicle Bus & Automotive Ethernet Security

Conduct protocol-level security testing on CAN/CAN-FD/LIN/Automotive Ethernet to identify bus injection, replay, and DoS risks.

  • CAN message injection & replay

  • DoIP diagnostic access verification

  • SOME/IP service security

  • Bus DoS & fuzzing

06

Wireless Entry Security

Cover attack surface verification for Bluetooth key, Wi-Fi hotspot, GNSS positioning, and V2X communication entries.

  • Bluetooth key relay & replay

  • Wi-Fi hotspot & service exposure

  • GNSS spoofing & jamming

  • V2X abnormal message verification

07

Mobile APP & Privacy Compliance

Conduct reverse analysis, communication security testing, and privacy compliance detection on vehicle control apps, covering data collection and permission usage.

  • APP reverse & hardcode detection

  • Privacy policy vs. actual collection

  • Out-of-scope permission detection

  • Data transmission & local storage security

08

Firmware, Binary & Hardware Interface Security

Deep security analysis of ECU firmware, IVI system images, and hardware debug interfaces to identify backdoors and vulnerabilities.

  • Firmware reverse & sensitive info extraction

  • Debug port (JTAG/UART) verification

  • USB malicious file & media parsing

  • Binary vulnerability & backdoor detection

09

OTA Software Update & Data Security Compliance

Cover OTA update full-process security testing and automotive data security compliance verification, supporting GB 44496 and GB/T 44464.

  • OTA package tampering & replay verification

  • Update integrity signature verification

  • Data classification & grading compliance

  • Personal information & cross-border data

Typical Test Scenario Library

12 high-frequency test scenarios distilled from real attack paths, directly reusable for regulatory testing and R&D validation

Remote Vehicle Control Interface Privilege Verification

Verify whether vehicle control APIs (remote start, AC control) can be called without authorization, covering authentication, rate limiting, and command validation.

OTA Package Tampering & Replay Verification

Simulate MITM tampering of OTA packages or replay of historical update requests, verifying signature verification, rollback prevention, and integrity protection.

CAN Message Injection Impact Verification

Inject abnormal CAN messages via OBD or bus interface, verifying whether the vehicle validates source and filters exceptions for critical control commands.

Automotive Ethernet DoIP Diagnostic Access Verification

Verify whether DoIP diagnostic protocol authentication, session management, and address filtering can be bypassed, assessing diagnostic interface exposure risk.

Bluetooth Key Relay & Replay Verification

Simulate Bluetooth relay attacks and signal replay, verifying digital key system distance determination, anti-relay, and session validity mechanisms.

Wi-Fi Hotspot & Vehicle Service Exposure Verification

Scan vehicle Wi-Fi hotspot open ports and exposed services, verifying unauthorized access or default credential risks.

USB Malicious File & Media Parsing Verification

Deliver malicious files and abnormal media via USB, verifying IVI system file parsing security and autorun protection.

GNSS Spoofing Vehicle Function Impact Verification

Simulate GNSS signal spoofing, assessing positioning deviation impact on navigation, trajectory recording, and location-based services.

V2X Abnormal Message Verification

Inject abnormal V2X messages (BSM/SPaT/MAP), verifying V2X module message validation, filtering, and fault tolerance for abnormal inputs.

Firmware Sensitive Info & Debug Port Verification

Extract keys, certificates, and hardcoded credentials from ECU and IVI firmware, verifying whether JTAG/UART debug ports are effectively disabled or hardened.

APP Out-of-Scope Privacy Collection Verification

Dynamically monitor vehicle control app background data collection behavior, comparing with privacy policy statements to identify out-of-scope collection.

Attack Chain Comprehensive Penetration Verification

Combine multiple vulnerabilities into complete attack chains, progressively penetrating from external entry to vehicle control permissions, verifying defense-in-depth and detection response.

Test Execution & Evidence Closure

8-step standardized testing process ensuring every test is plannable, executable, traceable, and retestable

1
Test Preparation

Define test scope, target vehicle, regulatory basis, and acceptance criteria. Assemble testing team and resources.

2
Standard Mapping

Decompose regulatory clauses into testable requirements, mapping to specific test cases in the library, generating test matrix.

3
Environment Setup

Set up vehicle bench or real vehicle test environment, connect bus simulation, wireless testing, and tool chain, complete environment verification.

4
Baseline Scanning

Execute asset identification and attack surface enumeration, establish test object baseline profile, identify obvious risks.

5
Specialized Testing

Execute standard test cases across nine capability domains, recording results, raw logs, and process screenshots.

6
Attack Verification

Conduct in-depth attack verification on identified risks, reproduce vulnerabilities, and assess actual impact.

7
Issue Closure

Log discovered issues into defect library, track remediation progress, verify fix effectiveness.

8
Retest & Reporting

Conduct regression retesting on remediated versions, generate compliance test reports and evidence packages, archive to evidence center.

Laboratory Construction Deliverables

Complete delivery package from planning to operations, ensuring the lab can operate independently and iterate continuously

Laboratory Construction Plan

Lab positioning, capability planning, site layout, staffing, and construction roadmap.

Equipment & Tool Capability Specs

Test equipment list, tool capability matrix, integration solution, and procurement recommendations.

Standard Clause Mapping Matrix

Correspondence between regulatory standards and test cases, supporting compliance coverage analysis.

Test Case Library

300+ executable test cases covering nine capability domains, supporting parameterization and scenarios.

Typical Test Scenario Library

12 high-frequency attack scenario test scripts with steps, tools, and expected results.

Test Process & Evidence Templates

Standardized testing execution process, evidence collection specifications, and archiving templates.

Compliance Test Report Template

Compliance test report templates for GB 44495/44496, UN R155/R156.

Remediation Retest Report Template

Defect fix verification and regression retest report templates, supporting closure management.

Training & Handover Materials

Operation manuals, training courseware, and handover documentation ensuring team can independently undertake testing.

Operations & Upgrade Support Plan

Lab daily operations, test case library updates, tool upgrades, and regulatory tracking mechanisms.

Integration with Callisto Product Ecosystem

AutoSec Lab is not an isolated testing tool, but the verification foundation of Callisto's automotive security product ecosystem

S3-VSOC

Receives risk events discovered in testing and operational closure, converting test results into continuous monitoring rules.

VTI

Provides threat intelligence, vulnerability intelligence, and attack scenario updates, driving test case library evolution.

V-Shield

Supports USB malicious file, vehicle virus protection, and malware detection test verification.

V-TARA

Supports threat modeling and risk analysis, providing input for test prioritization.

V-Compliance

Supports data security and compliance test report generation, linking to regulatory clause mapping.

V-Copilot / V-Insight

Supports test data analysis, report generation, and risk insights, improving testing efficiency.

Frequently Asked Questions

AutoSec Lab targets OEM cybersecurity labs, R&D validation centers, testing and certification institutions, automotive security testing labs, Tier1 security testing teams, as well as connected vehicle, cockpit, T-BOX, OTA platform teams, and regulatory compliance and export certification teams. Whether building a lab from scratch or supplementing existing testing capabilities, this solution enables rapid construction of systematic vehicle security testing capabilities.

Traditional testing services are typically project-based one-time deliveries that end when testing concludes. AutoSec Lab delivers a "capability system" — including standards library, test case library, tool chain, management platform, evidence center, and remediation closure mechanism. Customers can continuously conduct testing independently based on this system, supporting production iteration and regulatory updates, rather than relying on external vendors each time.

Yes. AutoSec Lab has built-in standard clause mapping matrices for GB 44495—2024 (Vehicle Cybersecurity Technical Requirements) and GB 44496—2024 (Vehicle Software Update General Technical Requirements). Test cases correspond one-to-one with regulatory clauses, directly generating compliance test reports and evidence packages for type approval.

Yes. AutoSec Lab's standards library covers UN R155 (Cybersecurity Management) and UN R156 (Software Update Management). Test cases support CSMS and SUMS framework requirements, helping OEMs complete certification testing for EU, Japan, South Korea, and other markets, generating evidence materials that meet certification body requirements.

Yes. AutoSec Lab supports modular construction. Customers can choose which capability domains to build first based on priority. We typically recommend building "Asset Identification + Attack Surface Enumeration + In-Vehicle Network Testing + OTA Compliance Testing" as foundational capabilities first, then gradually expanding to wireless, mobile, firmware/hardware, and penetration testing. Callisto provides a phased construction roadmap.

Callisto maintains a dedicated regulatory tracking team that continuously monitors domestic and international automotive cybersecurity regulatory developments. When new regulations are published or existing ones revised, the standards library is updated with clause mappings, and corresponding test cases are added or adjusted in the test case library. These are synchronized to customer labs through the operations upgrade mechanism, ensuring testing capabilities always cover the latest regulatory requirements.

Risk events, attack paths, and detection rules discovered during AutoSec Lab testing can be synchronized to the S3-VSOC Security Operations Center, converting into continuous monitoring rules for vehicles. This way, issues verified in the lab are also detected and responded to in real-time during production vehicle operations, forming a complete "testing-operations-retesting" closed loop.

It depends on construction scope and existing foundations. Basic capability domains (4 domains + management platform) typically take 3-4 months to build with initial testing capability. Full nine-domain construction typically takes 6-9 months. Callisto provides a phased delivery plan with clear milestones and acceptance criteria for each phase, ensuring a controllable and visible construction process.

Ready to build your vehicle security testing laboratory?

From standard test cases to evidence closure, AutoSec Lab helps you build executable, auditable, and reusable vehicle security testing capabilities.

Contact us about our automotive cybersecurity services

With the transformation of automobiles into intelligent ones, automobile cybersecurity challenges are becoming increasingly prominent, and automobile companies urgently need to upgrade their cybersecurity protection systems.
Callisto (Beijing) Technology Co., Ltd. is a national high-tech enterprise founded by one of the world's first technical experts focusing on automotive network security, invested by world-renowned institutions, and possessing a number of independent intellectual property rights.
GDPR
Chinese vehicle cybersecurity standard:
General Technical Requirements for Automobile Information Security
Comply with" Guidelines for the Construction of Internet of Vehicles Network Security and Data Security Standard System",meet GB/T 40861-2021 "General Technical Requirements for Automobile Information Security", establish and provide automobile network security services. Any data we process for our customers and any risks we discover are the private assets of our customers and cannot be accessed without authorization.
©2022 Callisto (Beijing) Technology Co., Ltd.ICP No. 2022011284-1
ISO/SAE 21434
Vehicle cybersecurity certification:
ISO/SAE 21434 and UN R155UN R156

Contact us for ISO and WP.29 certification services to meet EU regulations.

Tel: 4001059410

Address: 201, Building 2A, Silicon Valley Liangcheng, Haidian District, Beijing