|
US$279.00 · In stock
Delivery: <= 3 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 45496-2025: Motor vehicle product recall - Guidelines for information defect assessment
Status: Valid
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 45496-2025 | English | 279 |
Add to Cart
|
3 days [Need to translate]
|
Motor vehicle product recall - Guidelines for information defect assessment
| Valid |
GB/T 45496-2025
|
PDF similar to GB/T 45496-2025
Standard similar to GB/T 45496-2025 GB/T 45415 GB/T 45312 GB/T 45493 Basic data | Standard ID | GB/T 45496-2025 (GB/T45496-2025) | | Description (Translated English) | Motor vehicle product recall - Guidelines for information defect assessment | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | T40 | | Classification of International Standard | 43.020 | | Word Count Estimation | 14,114 | | Date of Issue | 2025-03-28 | | Date of Implementation | 3/28/2025 | | Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration | GB/T 45496-2025: Motor vehicle product recall - Guidelines for information defect assessment---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS 43.020
CCST40
National Standard of the People's Republic of China
Guidelines for evaluating automotive product recall information defects
Released on 2025-03-28
2025-03-28 Implementation
State Administration for Market Regulation
The National Standardization Administration issued
Table of contents
Preface III
Introduction IV
1 Scope 1
2 Normative references 1
3 Terms and Definitions 1
4 Evaluation Process 2
5 Assessment and Defect Identification 3
5.1 Overview 3
5.2 Possibility 3
5.3 Severity 5
5.4 Determine vulnerability risk level 6
5.5 Defect Identification 6
6.Disposal of evaluation results 6
6.1 Implementation of recall 6
6.2 Issuing warnings 6
6.3 Emergency Response 7
Appendix A (Informative) Vulnerability Exploitation Methods 8
A.1 Attack vectors 8
A.2 Trigger conditions 8
A.3 Permission Requirements 8
A.4 User Interaction 8
References 9
Foreword
This document is in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1.Structure and drafting rules for standardization documents"
Drafting.
Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents.
This document was proposed and coordinated by the National Technical Committee for Product Defects and Safety Management Standardization (SAC/TC463).
This document was drafted by. State Administration for Market Regulation Defective Product Recall Technology Center, Huawei Technologies Co., Ltd., China Automotive Industry Corporation
China Automotive Engineering Research Institute Co., Ltd., China Society of Automotive Engineers, China Automotive (Beijing) Intelligent Connected Vehicle Research Institute Co., Ltd., Guangzhou Xiaopeng Motors
Technology Co., Ltd., Tsinghua University, Zhejiang Tsinghua Yangtze River Delta Research Institute, Beijing China Automotive Research Institute Technology Co., Ltd., China Automotive Data Co., Ltd., Yutong
Beijing Automobile Co., Ltd., Geely Automobile Group Co., Ltd., Beijing Mercedes-Benz Sales and Service Co., Ltd., Beijing Ideal Automobile Co., Ltd.
company.
The main drafters of this document are. Li Yan, Dong Honglei, Xiao Lingyun, Tan Yuhan, Xia Guoqiang, Liang Xinmiao, Li Wenzhao, Xi Ming, He Xing, Zhang Yanan,
Chen Guihua, Fang Rui, Ding Xu, Gao Yongqiang, Feng Yongqin, Zhang Heng, Qu Xianguo, Ren Yi, Sun Yingce, Peng Jianfen, Huang Rong, Liu Yahui, Wang Jian, Peng Yamin,
Chen Jie, Shi Yan, Zhou Fanhua, Ma Chao, Guo Zhen, Yu Mingming, Ma Tao, Wang Peng, Chen Yupeng, and Wu Shengnan.
Introduction
With the cross-border integration of artificial intelligence, information communication and automotive technology, cars are no longer isolated electromechanical units, but have become an important part of the intelligent ecosystem.
As a carrier, cars have gradually evolved from information-isolated means of transportation to a digital space that integrates travel, entertainment, and services.
Security and information security risks are intertwined and superimposed, making the security situation more complex and severe.
The information security risks faced by automobiles come from "cloud-pipe-end-external links", namely cloud platforms, network transmission, vehicles and related external equipment.
Cloud platform information security risks include malicious theft and tampering of data by hackers, illegal access to sensitive data, etc. Network transmission security risks include
But not limited to. 1) Transmission risk, sending wrong information; 2) Authentication risk, impersonating the identity of the verifier through identity forgery, dynamic hijacking, etc.
Information; 3) Protocol risk, attackers use false information to induce vehicle misjudgment. Vehicle-side information security risks include but are not limited to. 1) Software and hardware system
1) System security, such as exploiting vulnerabilities to attack vehicles; 2) Key security, such as attackers obtaining control information through plug-in debugging and reverse analysis, using scripts
Control the vehicle through a digital key; 3) Architecture security, such as controlling the vehicle's electronic control unit (ECU) through a controller area network (CAN).
The security of externally linked devices includes, but is not limited to, risks caused by vulnerabilities in external ecological components such as manipulating apps and charging piles.
If there is a loophole in any link of the "link", it may affect driving safety, so automobile information defects need to be considered comprehensively from the perspective of system ecology.
Guidelines for evaluating automotive product recall information defects
1 Scope
This document provides recommendations for the evaluation of automotive product information defects, and outlines the evaluation process, evaluation and defect identification, and the handling of evaluation results.
This document is applicable to automobile manufacturers, parts manufacturers, system suppliers, data service providers, network operators, product recall
The recall authorities, product recall technical institutions and other entities conduct defect analysis and defect judgment on the loopholes of the "cloud-pipe-end-external link" system of in-use vehicles.
Determination, risk warning and emergency response.
2 Normative references
The contents of the following documents constitute the essential clauses of this document through normative references in this document.
For referenced documents without a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to
This document.
GB/T 25069 Information security technical terms
GB/T 34402-2017 Guidelines for Safety Risk Assessment and Risk Control of Automotive Products
GB/T 40914 Automotive Product Recall Warning Rules
GB/T 43387 Product Recall Terminology
GB 44495 Technical requirements for vehicle information security
3 Terms and definitions
The terms and definitions defined in GB/T 25069, GB/T 43387, GB 44495 and the following apply to this document.
3.1
Information defect informationdefect
The vulnerability (3.3) in the cloud-pipe-end-external link system (3.2) was exploited, resulting in the same model, batch or category of vehicle products being
Common situations that do not meet national standards or industry standards for protecting personal and property safety, or other situations that endanger personal safety (3.5), property
Unreasonable risk to safety (3.6).
3.2
Cloud-channel-device-linksystem
A distribution layer system consisting of vehicle application environment and related information.
Note 1.“Cloud” refers to a network information service carrier, a layer system with connection management, capability exposure, data management and multi-business support capabilities.
Note 2.“Pipeline” refers to the layer system of network information transmission, including vehicle-mounted cellular network communication, LTE-V2X and 802.11p direct wireless communication.
Note 3.“End” refers to the network information application layer system, including vehicles and roadside facilities, automotive electronics, vehicle-mounted terminals and operating systems and other vehicle-related “end” layers.
Note 4.“External links” refer to external ecological components such as control applications and charging piles required for vehicle use.
3.3
Vulnerability
A weakness in an asset or mitigation measure that can be exploited by one or more threats (3.4)
[Source. GB 44495-2024, 3.6]
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 45496-2025_English be delivered?Answer: Upon your order, we will start to translate GB/T 45496-2025_English as soon as possible, and keep you informed of the progress. The lead time is typically 1 ~ 3 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GB/T 45496-2025_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 45496-2025_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.
|