The technology content of new cars is getting higher and higher, which provides a series of exciting new experiences for the passengers in the car. However, cybersecurity is also an area of growing industry concern.
To address the risks posed by cyber-attacks, global engineering, technology and consulting services provider Expleo said it has developed a comprehensive cyber resilience testing platform for the industry.
The platform, called “Smeeta Suitcase,” enables security assessments, network forensics, and penetration testing in the mobile industry.
We spoke to Helmi Rais, Expleo Group Cyber Security Practice Leader, to learn more about this new technology and what it can do.
Just Auto (JA): Can you tell me a little bit about the background of your role in the company?
Hermilias (HR): I’m Expleo’s Group Cybersecurity Practice Leader, which means I manage the entire cybersecurity practice across the business, from service delivery to R&D projects.
I make sure our teams support customers by designing cybersecurity into their products and solutions across industries ranging from automotive to BFSI. I’ve been with Expleo for about three years and have been in the network security field for over twenty years.
Can you explain “Smeeta Suitcase”? How did it come about and what does it do?
The ExpleoSmeeta Briefcase is an outgrowth of Expleo’s research and development project to investigate how automotive and mobility OEMs/Tier 1 suppliers can protect their products from common cyber threats.
It combines the ExpleoSmeeta operating system, based on the Linux open source distribution, with hardware kits and proprietary scripts and tools from Expleo. The result is a physical “platform in a box” capable of security assessments, cyber forensics and penetration testing of vehicles and components.
The ExpleoSmeeta Briefcase tests a wide variety of wireless and physical connections in modern vehicles, including many of the most common threat scenarios: GPS, Cellular, Wi-Fi, Bluetooth, and more.
We can test a vehicle’s cyber resilience against GPS spoofing, key fob hacking, or data spyware insertion for infotainment systems. The main goal is to help OEMs and Tier 1 suppliers ensure the security of their products, their customers and their customer data by integrating cybersecurity by design and anticipating future risks.
In addition to the development of the “Smeeta Suitcase”, a purpose-built platform-in-a-network flex-box system was created, can you explain that?
The ExpleoSmeeta Briefcase is a purpose-built cyber resilient system. The idea is to develop a solution that combines hardware and software so that our engineers can easily move to the different test environments our customers and partners require.
These could be in a lab, office, parking lot, or somewhere else, so portability and having everything we need in one handheld is a big help.
What are the main benefits offered by this new technology?
Cars are becoming more connected and software-driven all the time. Autonomous driving systems, electrification, in-vehicle infotainment and new mobility business models are all possible through the integration of digital technologies. However, as we have seen in other industries, these opportunities do come with higher cyber risks.
Safety is always paramount, so the automotive industry must be able to respond to ever-changing threats.
By developing ExpleoSmeeta, we combined the knowledge of our online community with Expleo’s proven expertise in the automotive and digital industries to help automakers test, protect and secure their products, making them more resilient, sustainable, And comply with cybersecurity regulations and standards, ultimately safer for consumers.
Can you expand on the “threat vectors” that “Smeeta” is able to run tests on?
To ensure the highest standards of cybersecurity, it is critical to embed security into all stages of product development. It is much easier to make a new car cyber-resilient from scratch than to do it retrospectively.
ExpleoSmeeta facilitates this integration, especially during the critical testing and validation phase. However, this is only the first step, which is why we work closely with our clients to help develop a security architecture with all necessary cybersecurity controls.
The ExpleoSmeeta Portfolio enables our engineers to conduct in-depth cybersecurity testing against many different threat vectors. These include:
- Radio frequency, such as RFID or GPS
- Wireless connectivity including cellular (4G/5G), Wi-Fi, Bluetooth and telematics
- vehicle sensor
- Controller Access Network (CAN) bus
- USB, CD and SD card
- Software and Apps