Ford Adds Security Features To In-Car Wi-Fi Technology
March 31, 2010
Ford Motor Co. is rolling out the second generation of its Sync mobile connectivity platform this fall with new features and enhanced security. Sync 2.0, as part of a larger offering of connectivity features called MyFordTouch, lets drivers access Wi-Fi hot spots to download RSS feeds and podcasts from the Internet to play on the car's stereo system. The transmission has to be in "Park" before the Internet connection works to prevent people surfing the Web while driving. Besides the connectivity of external devices, the MyFordTouch system offers such features as GPS navigation and interior climate control on an 8-inch touch screen.
Sync 2.0 can also turn the car into its own Wi-Fi hot spot, with a USB dock into which a passenger can plug a wireless broadband device from a mobile carrier such as Verizon Wireless or AT&T Mobility. The upgraded Sync offering, co-developed by Ford and Microsoft, will be available later this year in the 2011 Ford Edge and Lincoln MKX SUVs. It will also be included on the new 2012 Focus line of compacts, says Jim Buczkowski, director of global electrical and electronics systems engineering. Within five years, it should be available on 80 percent of Ford models.
The first Sync systems, introduced in 2008 models, let drivers plug in cell phones or media players and make calls or choose music selections from their library by voice command. Sync is also Bluetooth-enabled so the devices can connect wirelessly. The next-generation Sync adds security features to protect the integrity of the on-board computer system, Buczkowski says. A firewall sits between the Sync system and external devices that plug into it. "There is a processor on the vehicle side and a processor that runs the consumer side, and there is basically a hardware firewall between those two where we pass information back and forth," he says.
Sync 2.0 adds Wi-Fi connectivity but limits what can be downloaded to the car. Following Apple's strategy of preventing unauthorized applications to be loaded onto the iPhone, Ford does not allow unauthorized applications to be downloaded via the Wi-Fi connection or through the Sync firewall. The new Sync security features follow Wireless Access Protocol (WAP) version 2.0 that protects other wireless devices. Ford designed the security features for Sync using some of the same IT experts it uses in-house to protect the company's enterprise IT systems, says Buczkowski. "In terms of downloading software, we use signing technology to ensure that the only thing that can run on the consumer side is a piece of signed software that recognizes that vehicle and is authorized through our systems," Buczkowski says.
Whatever motivation someone might have for hacking a MyFordTouch Sync system, Ford doesn't want to provide any opportunities. "I certainly wouldn't challenge anyone to try to hack a vehicle," Buczkowski says. "The reality is that I think the effort to go into it would be quite a bit of work." Michael A. Davis, CEO Savid Technologies, Inc. and Informationweek Analytics Analyst says, "Signing applications makes sense, but it really just offloads the risk of a breach to the certificate provider and software reviews. At Blackhat, we saw how certificate authorities haven't done the right things all the time. Let's hope that Ford is using a certificate authority that has done security the right way, and that Ford has implemented the certificate verification properly in their code. Otherwise this choice may come back to haunt them."