-
HydraVision
Automotive and Industrial ECU Cybersecurity Penetration Testing and Fuzz Testing System
HydraVision is a software system for automated cybersecurity testing of embedded products, enabling automated security testing throughout the entire lifecycle of electronic control units (ECUs) and ensuring compliance with the latest automotive and industrial cybersecurity industry standards, including UNECE R155, ISO 21434, GB 44495, and IEC 62443. With dissecto HydraVision's intelligent Security Test Environment (STE), automotive manufacturers and suppliers can not only easily meet the requirements of the latest regulations and standards but also perform automated, remote, and clustered cybersecurity testing on their products. Through HydraVision, users can gain full control over all critical components related to cybersecurity, achieve highly transparent cybersecurity management, and optimize workflows to improve efficiency. Whether protecting embedded systems, connected vehicle environments, or industrial networks, HydraVision provides efficient, scalable cybersecurity testing solutions to help businesses build robust cybersecurity detection systems.
With the development of intelligent and connected vehicles, the security of vehicle electronic control units (ECUs) and embedded systems is facing unprecedented challenges. Governments and industry regulatory bodies around the world have introduced a series of cybersecurity regulations and standards, such as UNECE R155, ISO/SAE 21434, and GB 44495, requiring original equipment manufacturers (OEMs) and supply chain companies to implement strict cybersecurity management and testing throughout the entire product development lifecycle. Among these, security penetration testing (Penetration Testing) and fuzz testing (Fuzzing) have become core components of automotive cybersecurity testing, serving as critical tools for assessing and validating a vehicle's security protection capabilities.
Traditional product cybersecurity testing methods often suffer from low efficiency, lack of reusability, and heavy reliance on manual labor. HydraVision is an automated, controllable, and scalable security testing solution developed specifically to address these issues.
Core Values
-
Automated implementation of penetration testing and fuzz testing for automotive and industrial cybersecurity
-
Built-in extensive use case library greatly reduces the difficulty of security testing
-
Integrate CI/CD to establish an automated security testing process
-
Automation significantly reduces security testing costs and human resource requirements
-
Continuously ensure compliance with product cybersecurity testing
-
Helping companies develop their own cybersecurity culture
Main Benefits
-
HydraVision comes with a huge library of “plug-and-play”use cases
-
A continuously updated use case library covering common security testing objectives and scenarios
-
Use case library supports personalized expansion, facilitating enterprises to accumulate and form a reusable knowledge base
-
HydraVision supports integration with CI/CD systems to establish automated security testing processes
-
HydraVision provides real-time monitoring and detailed analysis reports to facilitate rapid identification of problem areas
-
HydraVision supports cluster-based security testing of ECUs
-
Intuitive test case editor for creating, modifying, and customizing test cases
-
Supports security testing of ECU clusters throughout their lifecycle or of entire vehicle systems
-
Supports common automotive network security interfaces and protocols such as CAN, Ethernet, and Bluetooth
-
The central management platform facilitates distributed collaboration between different locations, projects, and teams
-
Compatible with various power supplies, including Rigol, with full remote control and monitoring capabilities
-
Good scalability and modular design suitable for large, medium, and small teams of different sizes
-
HydraVision offers both SaaS and on-premise deployment models to meet the needs of different businesses
-
Providing well-designed hardware modules suitable for different interfaces and scenarios
Key Features and Hardware Modules
-
Security Testing and Test Case Library
-
HydraProbe
-
HydraProbe Mobile
-
HydraLink
-
HydraScan
-
Security Testing and Test Case Library HydraVision is a powerful security testing and test case library management platform that supports continuous security verification and ensures the completeness of security testing from four core aspects:
Starting with interface-level testing, HydraVision scans underlying drivers to identify potential threats. Following vulnerability scanning, the system conducts comprehensive testing of communication protocols to assess their robustness and identify potential security weaknesses. Additionally, HydraVision employs fuzzing technology to enhance the accuracy of cybersecurity risk assessments.
The third layer covers the assessment of complex security controls and functions to ensure a comprehensive check of the system's defensive capabilities. Finally, HydraVision conducts specialized security testing for known common vulnerabilities and exposures (CVEs) provided by third parties such as ASRG and Auto-ISAC to ensure the authority and coverage of the testing.
Based on this multi-level testing method, HydraVision's Security Test Environment provides users with a feature-rich test library that supports automated penetration testing and risk assessment across different levels, effectively preventing various potential risks.
-
HydraProbe
ECU Safety Test Interface
HydraProbe is an important hardware component of the Hydra environment. As the key interface between HydraVision and the device under test (DUT), it ensures smooth data flow and control. This ECU security testing tool supports dual CAN FD, advanced power management, and data encryption, enabling reliable cybersecurity testing. The interface features high-speed UART and JTAG expansion capabilities, designed specifically for high-performance applications. HydraProbe can be used in the HydraVision environment or in the field.
● Dual CAN FD interfaces
To ensure fast and efficient data transmission, dissecto HydraProbe fully supports CAN FD with a maximum bit rate of up to 5 Mbps, making it suitable for high-performance applications.
● Power supply monitoring
Gain a deep understanding of system power consumption and determine the system status of the ECU. HydraProbe provides accurate and reliable data to support precise monitoring and analysis of energy consumption-related parameters.
● Power control
Remotely manage and control power distribution to connected devices. This interface enables seamless system startup and shutdown, allowing systems in test sequences to be restored to their initial state.
● Voltage regulation
Test your system within voltage limits or beyond specified specifications to identify attack vectors that occur when voltage is insufficient. This increases the depth of system testing and enables comprehensive response to channel attacks.
● Extended features
The programmable coprocessor enhances the functionality of HydraProbe, enabling advanced features such as high-speed UART, JTAG, SPI, logic analyzer, and GPIO.
● Dual power supply
HydraProbe supports powering up to two systems simultaneously, and integrated Power over Ethernet (PoE) allows for power and communication over a single cable.
● Secure communication
All interactions between HydraProbe and HydraVision instances are encrypted to ensure the integrity and confidentiality of test data and prevent unauthorized access and data leakage.
-
HydraProbe Mobile
HydraProbe Mobile is a compact, smartphone-based remote testing device designed for today's dynamic vehicle safety workflows. It connects directly to the vehicle network via the OBD2 interface and runs the HydraVision safety testing environment on a Pinephone Pro™ smartphone.
Safety engineers can remotely set up test sequences, allowing on-site personnel to execute them without specialized skills. This makes HydraProbe Mobile ideal for distributed teams, forensic investigations, and production line quality assurance.
● Conduct remote testing anytime, anywhere
HydraProbe Mobile enables testers to perform full vehicle testing without being on site. Mobile devices are used as secure remote probes to perform pre-set tasks on site.
● HydraVision running on Pinephone Pro™
Our complete security testing environment can run on Pinephone Pro™ mobile phones, providing a full set of automotive security tools in a portable, portable form.
● OBD2 interface
HydraProbe Mobile connects directly to the entire vehicle network via a rugged, CANFD-enabled OBD2 interface, providing extensive support for ECU coverage and diagnostics.
● Commissioned testing execution
Remote configuration testing by security professionals. On-site users, such as colleagues, partners, or first responders, can run tests with a simple click of the mouse, without requiring professional skills or settings.
● Secure communications
All data exchanges between HydraProbe Mobile and HydraVision are encrypted to protect the integrity of the test, sensitive diagnostic information, and logs during transmission.
● Synchronous offline operation
Supports offline execution. Test results are stored locally and synchronized later, making it ideal for remote, physically isolated, or mobile deployment environments.
● Designed for multi-team collaboration
HydraProbe Mobile separates test design from execution, enabling efficient collaboration between central security teams and field operators across industries.
-
HydraLink
USB to Car Ethernet Interface
HydraLink is a high-performance USB-to-automotive Ethernet interface that is compatible with the 100BASE-T1 and 1000BASE-T1 standards, providing a cost-effective solution for reliable diagnostics, testing, and efficient prototyping. HydraLink is designed to eliminate the need for additional media converters, simplify connectivity, and meet the requirements of modern automotive Ethernet protocols.
● USB3 Gen 1 to Gigabit Automotive Ethernet (100/1000)
Provides high-speed data transmission, supports real-time diagnostics, simulation applications, and fast data exchange with extremely low latency.
● Supports single-pair twisted pair 100BASE-T1/1000BASE-T1
Fully compatible with modern Ethernet protocols used in automotive applications, it can be seamlessly integrated into automotive systems through master-slave mode.
● Drivers support Windows, Linux, and Mac
Highly compatible with mainstream operating systems, simplifying the integration process and ensuring cross-platform usability.
● Commercial-grade temperature range
Reliable operation under various conditions, maintaining performance within a temperature range of 0°C to 70°C, suitable for various environments.
● 2.54 mm pin header
Simplified connection to any electronic control unit (ECU) makes HydraLink the ideal tool for prototyping, testing, and customizing automotive projects.
● Integrated media converter
Directly connect your PC to the car's Ethernet without any extra conversion devices, making it easier to set up your test environment.
● Powered via USB
Direct operation via USB connection eliminates the need for external power supplies, reducing hardware complexity.
-
HydraScan
UDS-/ISOTP-Scanner
HydraScan is an advanced plug-in for dissecto HydraVision that can be used for whole-vehicle scanning for a variety of purposes, including forensic analysis and security testing. By utilizing HydraProbe Mobile, users can seamlessly access the vehicle's OBD interface and perform a full system assessment via CAN (UDS protocol based on CAN bus) or DoIP (UDS protocol based on IP). This enables in-depth analysis of the vehicle's electronic control units (ECUs), ensuring the identification of potential vulnerabilities and a comprehensive assessment of security measures. HydraScan employs automated and systematic scanning methods to provide a detailed overview of the vehicle's communication structure, assisting security experts and analysts in detecting anomalies, unauthorized modifications, or potential attack vectors.
HydraVision's built-in test case library (excerpt)
● IsotpScan:The test case performs a basic scan of the ISOTP endpoints on the ECU using CANSocket and returns a list of all found ECU ISOTP endpoints. | ● EthDoipTest:Test case to check whether the IP address next to the test vehicle announcement message source will establish a connection with the target. | ● UdsStateScan:Perform a test case scan of the UDS protocol to find all available states in DiagnosticSessionControl and SecurityAccess. Return a UdsSystemStates object containing the routing of all available states for the ECU. |
● ObdScan:OBD protocol test case scan, traversing all services containing information, with ID sequences: 01, 02, 06, 08, 09, 03, 07, 0A. | ● EthArpEndpointPortScan:This test case performs a comprehensive port scan on the provided ArpEndpoint, checks the entire port range, and generates PortScanResults based on the results. Unlike the IpEndpoint port scan, this test cannot use the IP configuration obtained from the target's imcp response. | ● UdsSecurityAccess:This test case traverses all sub-test cases defined in the test plan and executes them in sequence. The test plan includes tests such as penalty time checks, immediate key attempts, and seed analysis, each of which is designed to verify specific aspects of the UDS SecurityAccess service. |
● UdsDtcScan:Scan test cases for the UDS protocol to obtain all available DTC information, using UdsSystemStates to scan each available UDS session. | ● EthArpSniff:The basic sniffer test for ARP requests on the ECU on eth will create a list of ArpEndpoints containing all messages it receives. The testcase will automatically remove duplicates. | ● UdsWdbiScan:Test case scanning for the UDS WriteDataByIdentifier service, using UdsSystemStates to scan each available UDS session. |
● UdsRdbiScan:Test case scanning for the UDS ReadDataByIdentifier service, using UdsSystemStates to scan each available UDS session. | ● EthDoipSniff:The test case performs a basic scan of vehicle announcement messages sent by the ECU on the eth via DoIP, creating a DoIPAnnouncement list containing the values it obtains. | ● UdsRoutineControlScan:The test case scan for the UDS RoutineControl service uses UdsSystemStates to scan each available UDS session. |
● SomeIpSniff:The test case performs a basic scan of SomeIpEndpoint on ECU on eth and creates a SomeIpEndpoint list using the values obtained. | ● EthIPEndpointPortScan:This test case performs a comprehensive port scan on the provided IPEndpoint, checks the specified range of ports, and generates PortScanResults based on the check results. | ● UdsServiceScan:Perform test case scanning on all available UDS protocols and scan each available UDS session using UdsSystemStates. |
● DoipPortTest:Testing whether a specific port in PortScanResults supports DoIP will create a list of found DoIP endpoints. | ● CanWakeupTest:Test whether the ECU can remain awake via CAN messages, record the results, and write them to the summary. If successful, return CanBusKeepAliveBehaviour. | ● UdsRmbaScan:Test case scanning for the UDS ReadMemoryByAddress service, using UdsSystemStates to scan each available UDS session. |
● TlsScanTestSsl:Use the testssl.sh tool to scan the TLS security of the ECU on eth. This will create a .json file and a TLSScanResults list. | ● PowerBehaviourTest:Test cases are used to analyze the PowerBehaviour of the ECU at runtime. Returns a new PowerBehaviour object, i.e., the PowerMonitoring configured for the ECU's PowerBehaviour. | ● UdsEcuResetScan:Test case scanning for the UDS ECUReset service, using UdsSystemStates to scan each available UDS session. |
Supported interfaces and protocols (continuously updated)
● UDS | ● UDP |
● H3FZ | ● CAN & CAN FD |
● GMLAN | ● IPv4 |
● SOME/IP | ● JTAG |
● DoIP | ● IPv6 |
● UART | ● USART |
● TCP | ● DHCP |
● XCP | ● Auto Ethernet |
● OBD | ● DNS |
● TLS | ● GPIO |
Related
