top of page

Vehicle Control Unit (VCU) logic development  for Electric Vehicle (EV)

Customer Overview

The customer ranks among the top 20 tier 1 global automotive suppliers, providing technology for autonomous driving and advanced driver assistance systems (ADAS) that enhance secure connectivity and vehicle electrification. They enlisted AEM's help to design and implement a penetration testing program for an Electronic Control Unit (ECU) used in vision systems applications.

Customer Challenge

The rapidly evolving cybersecurity landscape in the automotive sector has rendered the protection of embedded systems far more challenging than before. The customer's unique requirements further complicate this task:

  • The need to secure systems designed for inclusion in over 1.5 million vehicles sold by various original equipment manufacturers (OEMs) globally.

  • A global manufacturing presence with several plants.

  • The presence of undocumented pre-existing testing equipment.

  • Safety-critical systems that necessitate tailored assessments. The potential for ECU breaches to endanger users physically, along with the substantial liability risks for the supplier's clients, underscores the necessity for a proficient partner. This partner is required to define and conduct penetration testing that satisfies all safety and quality standards.

AEM Solution

AEM's embedded software engineering team specializes in full lifecycle development, possessing a unique capability to comprehend and tackle the nuances of cyber threats to embedded systems, distinct from those found in conventional information systems security. This specialized expertise enabled us to swiftly integrate into the customer's ecosystem, delivering superior results at a reduced cost.

Our developers collaborated to tailor and document a new testing process using the customer's existing tools, intended for easy replication. We developed penetration testing protocols customized for each type of embedded system, taking into account their vulnerability and criticality levels. This process required direct input and approval from the original equipment manufacturer (OEM).

Project outcome

After a brief initial ramp-up period and comprehensive testing, AEM provided a detailed penetration report that evaluated the entire product cybersecurity ecosystem. This report highlighted:

  • Vulnerabilities that could compromise the security of the ECU.

  • Various levels of risk severity could negatively impact the ECU if exploited.

  • Recommendations to mitigate these risks are tailored according to their severity.

The project was completed nine months ahead of schedule, taking only three months to finish, and the results were delivered at a cost 50% lower than that of competing specialists.

bottom of page