Vehicle VPNs, Part One: The ‘Connected Car’

by VPNHaus | 10/28/2013

The “connected car.” Up until this point, such a phrase never really resonated with people the way it does now. Most would think it referred to environmentally-focused electric cars that you recharge as an alternative to using fossil fuels. But, in reality, the connected car is more like what we’ve seen in science fiction movies for generations. In science fiction, we see all of the glitz and glamor, but little of the technologies that actually go into securing such innovations. Now, we’re getting closer to the point where science fiction becomes science fact, which is precisely why VPNs will become an integral part of vehicle computer systems for the foreseeable future.

For several years now, auto manufacturers have been building onboard infotainment systems into their vehicles. The front-seat passenger can enjoy a movie or play a game on a screen embedded in the dashboard, while rear passengers use screens built into the backs of the forward headrests. Infotainment systems are only the first step, however.

Rise of the ‘Connected Car’

Back in 2010, Ford introduced the “MyFord Touch,” a mobile Wi-Fi hotspot allowing travelers in Ford vehicles to send and receive emails and surf the Internet. Then, earlier this year, Ford unveiled its OpenXC platform for hardware and software at the North American International Auto Show. OpenXC allows tablet and smartphone apps to access the internal data network of a Ford vehicle, calling up data from various onboard sensors, including information on location and speed. The intention is to make the lives of Ford drivers easier by using this data to do things like automatically open garage doors or switch on lights when drivers are approaching their homes.

While such functionality can certainly prove convenient, it can also pose significant security risks if proper steps are not taken. Remember, anything that is connected to the Internet is a potential target for hackers and cyber criminals. If they’ll hack your smartphone, tablet or laptop computer, who is to say they won’t try to do the same to your car? Perhaps doing so could allow them to trick your vehicle’s system into thinking that you’re near your home, triggering the garage door opener. If your garage is connected to your house, you might as well have left the door open and a snack out for the soon-to-arrive intruders.

Perhaps even more disturbing is the potential for someone to remotely take control of your vehicle while you’re behind the wheel, as researchers from the University of Washington and the University of California at San Diego pointed out in two studies published in 2010 and 2011. These studies focused on the vulnerabilities of modern car computers and how hackers could remotely infiltrate and take control of a car through its internal data network.

We’ve all heard about Google’s long-time pet project: the driverless car. We’ve seen them brought to life in countless science-fiction movies and TV shows, as well, and they always seem like a great idea. What we have to remember, however, is that a fully automated car that doesn’t require a human being to drive it has to be built around a completely reliable and impregnable internal data system. If that security cannot be guaranteed, who would risk ceding control by getting into a fully automated, driverless car?

Vehicle VPNs and Safeguarding Our Roads

While auto manufacturers and other industry stakeholders have yet to agree on a standard for vehicle data and communications systems, VPNs offer one of the best available methods of securing data transmissions between vehicles, the Internet and other machine-to-machine (M2M) devices one might use.

By securing these communications channels, drivers and their passengers can enjoy all of the benefits of connected cars and M2M without opening themselves up to security risks, ones that could lead to significant network, financial and physical dangers.

In our next blog post, we’ll discuss connected cars, vehicle VPNs and the implications on corporate data networks.