AVL Focus - Issue 2025

New Offensive Security Lab for Connected Vehicles Launched in Italy

To address the growing threat landscape in connected mobility, AVL Italy converted its Technical Center in Cavriago in spring 2025 by adding an Offensive Security Lab, developed in collaboration with Bizclap. The new facility establishes a full-stack penetration testing environment for the automotive industry while extending capabilities to cross-industry applications.

Core Capabilities

The lab deploys a red-team/blue-team infrastructure for comprehensive security testing across vehicle architectures. Testing capabilities include ECUs, gateways, telematics units, and HMIs using CAN-FD, FlexRay, and Automotive Ethernet protocols. Dedicated BMS testing focuses on thermal runaway injection and SOC manipulation scenarios.

The arsenal integrates AVL and Vector toolchains with the MITRE ATT&CK framework, enabling protocol-aware fuzzing on UDS, DoIP, and SOME/IP. HiL testing applies CVE-tracked exploits on automotive RTOS platforms. Advanced persistent threat simulations reproduce complete kill chains from cloud backends to edge ECUs, including attack vectors from OBD-II and USB interfaces through lateral movement in in-vehicle networks.

Cross-Industry Applications

• Energy storage: industrial BMS and grid inverters (IEC 62351)
• E-mobility: OCPP 2.0.1 charging infrastructure
• Industrial IoT: OT protocols in Industry 4.0 environments

Compliance and Leadership

Operating under ISO/SAE 21434:2021 certification (achieved in 2023), the lab ensures compliance with UNR 155/156 requirements for OEM programs. Led by Product Chief Roberto Di Stefano, who has more than 20 years of expertise, the team applies DevSecOps principles consistently from concept through end of life.

The Expanding TARA Landscape

TARA plays a central role in assuring vehicle cyber security. In the past, only selected components were subject to analysis; today, every control unit and subsystem requires continuous risk assessment throughout its lifecycle.

The reason is clear: the threat environment is constantly evolving. New electronic control units, over-the-air updates, and connected services all introduce new vulnerabilities. As a result, the number of TARAs required per vehicle program has increased dramatically. Managing this workload with static spreadsheets is no longer feasible. Risk models must be continuously updated, changes tracked, and results reintegrated into system-level security concepts. Without automation and tool support, this cannot be sustained.

Opportunities Beyond Automotive

While the car and truck segments continue to refine efficiency and automation, agriculture, construction, and off-highway machinery must now establish their cyber security capabilities from the ground up. The CRA will require rapid progress in governance, processes, and tooling. Drawing on its automotive experience, AVL supports these industries in transferring proven practices to their specific environments – bridging the maturity gap before compliance deadlines arrive.

Future Path: Smarter, Transparent Cyber Security

The number of TARAs will rise with increasing system complexity and faster change. Cyber security testing is crucial to validate assumptions, find vulnerabilities, and ensure measures work effectively. Automation and AI are vital for scalable cyber security, but transparency is non-negotiable – regulators demand traceable, reproducible evidence of assessments, tests, and updates. AVL combines advanced automation with full auditability, achieving efficiency while maintaining compliance. This balance keeps cyber security sustainable, scalable, and prepared for future regulatory demands.

AVL’s Cyber Security Expertise at a Glance

• More than 10 years of experience in automotive cyber security
• Over 250 completed TARAs and security concept definitions
• Numerous gap analyses, cyber security training courses, and consulting projects across industries and regions
• Dozens of penetration testing projects with OEMs and suppliers worldwide
• End-to-end software toolchain provided through AVL SecGuard
