Expleo develops hacking briefcase for automotive cybersecurity

Expleo, the global engineering, technology and consulting service provider, has developed a complete cyber-resilience testing platform for the automotive sector. The “ExpleoSmeeta Briefcase” combines cybersecurity testing framework (ExpleoSmeeta) with a comprehensive suite of hardware components to conduct security assessments, cyber forensics, and pen test in the automotive sector.

A modern car runs on 100 million lines of code and typically can include multiple wireless connections such as Wi-Fi, GPS, Bluetooth and cellular (4G/5G). As vehicles become more connected and more reliant on software, the cyber risk grows exponentially and could pose a threat to vehicle safety

As part of an innovation project, Expleo has created a physical cyber resilience testing platform-in-a-box which combines the ExpleoSmeeta Operating System (OS), based on a Linux open-source distribution, and a hardware toolkit with Expleo proprietary scripts and tools. This allows Expleo engineers to conduct in-depth cybersecurity tests on vehicles anywhere at any time, supporting OEMs/Tier1s to check and verify their own solutions, integrate cybersecurity by design into product development, and anticipate future risks.

Threat vectors include:

Radio Frequencies such as RFID which is used to access and start vehicles via electronic key fobs or GPS which can be spoofed to hide stolen vehicles.
Wireless Connections including cellular (4G/5G), Wi-Fi, Bluetooth and Telematics are the method of connecting vehicles to the wider Internet of Things and are a prime target for malicious firmware updates that can compromise driver data.
Vehicle Sensors such as those used for assisted parking or to support autonomous driver systems which can be spoofed or jammed to put driver safety at risk.
Controller Access Network (CAN) Bus is the message-based protocol that allows the various electronic components of a vehicle to communicate, such as door locks, speedometer and even brakes which if compromised can pose a significant risk to driver safety. 

Helmi Rais, Group Cybersecurity Practice Leader, commented: “Cars are becoming more sophisticated thanks to digital technologies, enabling electrification, autonomous driving systems, advanced in-vehicle infotainment, connected vehicles and shared mobility. But with the new opportunities offered by digital come new risks in the form of heightened cyber risk. The automotive industry must be able to respond to an ever-changing set of threats.

“That’s why we developed ExpleoSmeeta to help combine the knowledge of the cyber community with Expleo’s automotive and digital expertise so that OEM and Tier1 automakers can test, secure and protect their products, making them more resilient, sustainable and most importantly, safer for consumers.”

See more stories here.