New vehicles are becoming increasingly tech heavy which offers vehicle occupants a range of new and exciting experiences. However, cybersecurity is a growing area of industry concern, too.
To combat the risks posed by cyber-attacks, global engineering, technology, and consulting service provider, Expleo, says it has developed a comprehensive cyber-resilience testing platform for the industry.
The platform named ‘Smeeta Suitcase’ can conduct security assessments, cyber forensics and pen tests in the mobility industry.
We spoke to Helmi Rais, group cybersecurity practice leader at Expleo, to learn more about this new technology and the functions that it can carry out.
Just Auto (JA): Could you tell me a little bit of background on your role at the company?
Helmi Rais (HR): I’m the group cybersecurity practice leader at Expleo which means I manage the entire cybersecurity practice across the business, covering everything from service delivery to R&D projects.
I ensure that our teams are supporting customers to incorporate cybersecurity by design into products and solutions across every industry, from automotive to BFSI. I’ve been with Expleo for around three years now and have been working in cybersecurity for over twenty years.
Could you explain the ‘Smeeta Suitcase’, how this came to be, and what functions it is able to carry out?
The ExpleoSmeeta Briefcase was the product of an R&D project at Expleo, looking at how to help OEMs/Tier1s in the automotive and mobility sectors protect their products against common cyber threats.
It combines the ExpleoSmeeta Operating System – which is based on Linux open-source distribution – with a hardware toolkit and proprietary script and tools from Expleo. The result is a physical “platform-in-a-box” capable of conducting security assessments, cyber forensics, and pen tests for vehicles and components.
The ExpleoSmeeta Briefcase can test the various wireless and physical connections in a modern vehicle that comprise many of the most common threat scenarios: GPS, cellular, Wi-Fi, Bluetooth and more.
We can test a vehicle’s cyber resilience against GPS spoofing, hacking a key fob or data spyware insertions against infotainment systems. The key aim is to help OEMs and Tier1s ensure the security of their products, customers, and their customers’ data by integrating cybersecurity by design and anticipating future risks.
Alongside the development of the ‘Smeeta Suitcase’, a purpose-built cyber resilience platform-in-a-box system has been created, could you explain this?
The ExpleoSmeeta Briefcase is the purpose-built cyber resilience system. Our thinking was to develop a solution that combined hardware and software so that our engineers could easily move to the different test environments our customers and partners need.
These might be in a lab, an office, a parking garage or elsewhere, so portability and having all we need in one handheld package is a great help.
What are the key benefits this new technology offers?
Cars are becoming more connected and software-driven all the time. By integrating digital technologies, driverless systems, electrification, in-vehicle infotainment and new mobility business models are all becoming possible. However, as we have seen in other industries, these opportunities do come with a heightened cyber risk.
Safety and security are always paramount and so the automotive industry must be able to respond to an ever-changing set of threats.
By developing ExpleoSmeeta, we are combining the knowledge of the cyber community with Expleo’s own proven expertise in the automotive and digital industries to help automakers test, secure and protect their products, making them more resilient, sustainable, and compliant with cybersecurity regulations and standards, and ultimately safer for consumers.
Could you expand on the ‘threat vectors’ which ‘Smeeta’ is able to run tests on?
To ensure the highest standards of cybersecurity, it is fundamental that security is embedded in all phases of a product’s development. It is far easier to make a new car cyber-resilient from the ground up than to do so retroactively.
ExpleoSmeeta facilitates this integration, particularly during the crucial testing and validation phase. However, this is just one step and that’s why we work closely with our customers to help develop secure architectures with all the necessary cybersecurity controls.
The ExpleoSmeeta Briefcase allows our engineers to conduct in-depth cybersecurity tests on many different threat vectors. These include:
- Radio Frequencies such as RFID or GPS
- Wireless Connections including cellular (4G/5G), Wi-Fi, Bluetooth, and Telematics
- Vehicle Sensors
- Controller Access Network (CAN) Bus
- UART- JTAG
- USB, CD and SD Cards
- Software and Applications