GB/T 45496-2025: Motor vehicle product recall - Guidelines for information defect assessment
Status: Valid
Basic data
Standard ID: GB/T 45496-2025 (GB/T45496-2025)
Description (Translated English): Motor vehicle product recall - Guidelines for information defect assessment
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: T40
Classification of International Standard: 43.020
Word Count Estimation: 14,114
Date of Issue: 2025-03-28
Date of Implementation: 2025-03-28
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration

This is a DRAFT version for illustration, not a final translation.

ICS 43.020
CCS T40
National Standard of the People's Republic of China
Guidelines for evaluating automotive product recall information defects
Released on 2025-03-28
Implemented on 2025-03-28
Issued by the State Administration for Market Regulation and the National Standardization Administration

Table of contents
Preface
Introduction
1 Scope
2 Normative references
3 Terms and Definitions
4 Evaluation Process
5 Assessment and Defect Identification
  5.1 Overview
  5.2 Possibility
  5.3 Severity
  5.4 Determine vulnerability risk level
  5.5 Defect Identification
6 Disposal of evaluation results
  6.1 Implementation of recall
  6.2 Issuing warnings
  6.3 Emergency Response
Appendix A (Informative) Vulnerability Exploitation Methods
  A.1 Attack vectors
  A.2 Trigger conditions
  A.3 Permission Requirements
  A.4 User Interaction
References

Foreword
This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1: Structure and drafting rules for standardization documents".
Please note that some of the contents of this document may involve patents.
The issuing organization of this document does not assume the responsibility for identifying patents.
This document was proposed and coordinated by the National Technical Committee for Product Defects and Safety Management Standardization (SAC/TC463).
This document was drafted by: State Administration for Market Regulation Defective Product Recall Technology Center, Huawei Technologies Co., Ltd., China Automotive Industry Corporation China Automotive Engineering Research Institute Co., Ltd., China Society of Automotive Engineers, China Automotive (Beijing) Intelligent Connected Vehicle Research Institute Co., Ltd., Guangzhou Xiaopeng Motors Technology Co., Ltd., Tsinghua University, Zhejiang Tsinghua Yangtze River Delta Research Institute, Beijing China Automotive Research Institute Technology Co., Ltd., China Automotive Data Co., Ltd., Yutong Beijing Automobile Co., Ltd., Geely Automobile Group Co., Ltd., Beijing Mercedes-Benz Sales and Service Co., Ltd., Beijing Ideal Automobile Co., Ltd.
The main drafters of this document are: Li Yan, Dong Honglei, Xiao Lingyun, Tan Yuhan, Xia Guoqiang, Liang Xinmiao, Li Wenzhao, Xi Ming, He Xing, Zhang Yanan, Chen Guihua, Fang Rui, Ding Xu, Gao Yongqiang, Feng Yongqin, Zhang Heng, Qu Xianguo, Ren Yi, Sun Yingce, Peng Jianfen, Huang Rong, Liu Yahui, Wang Jian, Peng Yamin, Chen Jie, Shi Yan, Zhou Fanhua, Ma Chao, Guo Zhen, Yu Mingming, Ma Tao, Wang Peng, Chen Yupeng, and Wu Shengnan.

Introduction
With the cross-border integration of artificial intelligence, information communication and automotive technology, cars are no longer isolated electromechanical units, but have become an important part of the intelligent ecosystem. As a carrier, cars have gradually evolved from information-isolated means of transportation to a digital space that integrates travel, entertainment, and services. Security and information security risks are intertwined and superimposed, making the security situation more complex and severe.
The information security risks faced by automobiles come from the "cloud-pipe-end-external link", namely cloud platforms, network transmission, vehicles and related external equipment.
Cloud platform information security risks include malicious theft and tampering of data by hackers, illegal access to sensitive data, etc.
Network transmission security risks include but are not limited to:
1) Transmission risk, sending wrong information;
2) Authentication risk, impersonating the identity information of the verifier through identity forgery, dynamic hijacking, etc.;
3) Protocol risk, attackers use false information to induce vehicle misjudgment.
Vehicle-side information security risks include but are not limited to:
1) Software and hardware system security, such as exploiting vulnerabilities to attack vehicles;
2) Key security, such as attackers obtaining control information through plug-in debugging and reverse analysis, and using scripts to control the vehicle through a digital key;
3) Architecture security, such as controlling the vehicle's electronic control unit (ECU) through a controller area network (CAN).
The security of externally linked devices includes, but is not limited to, risks caused by vulnerabilities in external ecological components such as control applications and charging piles.
If there is a vulnerability in any link of the chain, it may affect driving safety, so automobile information defects need to be considered comprehensively from the perspective of system ecology.

Guidelines for evaluating automotive product recall information defects

1 Scope
This document provides recommendations for the evaluation of automotive product information defects, and outlines the evaluation process, evaluation and defect identification, and the handling of evaluation results.
This document is applicable to automobile manufacturers, parts manufacturers, system suppliers, data service providers, network operators, product recall authorities, product recall technical institutions and other entities conducting defect analysis, defect determination, risk warning and emergency response for vulnerabilities of the "cloud-pipe-end-external link" system of in-use vehicles.

2 Normative references
The contents of the following documents constitute the essential clauses of this document through normative references in this document. For referenced documents with a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to this document.
GB/T 25069 Information security technical terms
GB/T 34402-2017 Guidelines for Safety Risk Assessment and Risk Control of Automotive Products
GB/T 40914 Automotive Product Recall Warning Rules
GB/T 43387 Product Recall Terminology
GB 44495 Technical requirements for vehicle information security

3 Terms and definitions
The terms and definitions defined in GB/T 25069, GB/T 43387, GB 44495 and the following apply to this document.

3.1 Information defect
A situation, commonly present in vehicle products of the same model, batch or category and resulting from exploitation of a vulnerability (3.3) in the cloud-pipe-end-external link system (3.2), that does not meet national standards or industry standards for protecting personal and property safety, or another unreasonable risk that endangers personal safety (3.5) or property safety (3.6).

3.2 Cloud-pipe-end-external link system (cloud-channel-device-link system)
A distribution layer system consisting of vehicle application environment and related information.
Note 1: "Cloud" refers to a network information service carrier, a layer system with connection management, capability exposure, data management and multi-business support capabilities.
Note 2: "Pipeline" refers to the layer system of network information transmission, including vehicle-mounted cellular network communication, LTE-V2X and 802.11p direct wireless communication.
Note 3: "End" refers to the network information application layer system, including vehicles and roadside facilities, automotive electronics, vehicle-mounted terminals and operating systems and other vehicle-related "end" layers.
Note 4: "External links" refer to external ecological components such as control applications and charging piles required for vehicle use.

3.3 Vulnerability
A weakness in an asset or mitigation measure that can be exploited by one or more threats (3.4).
[Source: GB 44495-2024, 3.6]

......