Security Review: Ford MyKey and similar systems

By Tim Crossley at 8:11 pm on February 6, 2009 | 1 Comment

Ford Motor Company has stated that the 2010 Focus Coupe will be equipped with a technology called MyKey. Designed for parents wishing to ensure teenagers practice safe driving, the technology restricts certain actions such as driving too quickly. As currently announced, the system can restrict the vehicle speed to 80 mph, limit the audio speakers to 44% of maximum, and give constant audible alerts if seat belts are not worn. Read about the MyKey system here.

While MyKey is aiming for the parent/teenage child crowd, other products exist which automatically limit vehicle speed based on the current road. Using GPS and a database of known speed limits, these devices either limit the vehicle speed or issue a warning when driving over the limit. In all cases I’ve seen, these devices can be overridden, unlike the Ford MyKey. An example of one of these speed limiters would be the Wisespeed, by Imita.

Assets and Security Goals

  • Safety settings. The safety settings put in place by a parent or similar individual should not be able to be reduced or reset by the driver or any other non-privileged user.
  • Privacy. For the automated speed limiters, the vehicle’s position must be obtained via GPS, and then the speed limit of the current road discovered. If looking up the speed limit requires talking to an external database, then that database is given details of the vehicle’s movement.
  • Keeping below the limit. Drivers would use speed limiters to encourage themselves to keep below the limit. The limit programmed into the device, therefore, should be accurate.

Adversaries and Treats

  • Unwilling Drivers. Regardless of the morality of the situation, when discussing the MyKey from a security perspective the teenage drivers are an adversary. They may wish to disable or alter the system, and have physical access to the system.
  • For speed limiting systems, various agencies desiring information about location and speed travelled could be adversaries. For example, auto insurance agencies could charge extra to drivers who frequently drive over the speed limit. These groups would be willing to attack the user’s privacy.
  • An enemy of a speed limiting device may want to give false speed limit information to the device, making the driver drive faster or slower than he or she desires.

Weaknesses

  • MyKey features are only active for certain keys set up ahead of time. A driver who wanted to circumvent the system could insert a key for which there were no restrictions.
  • Speed limiters must at some point connect to a database to get the speed limits for certain roads. When connecting, an adversary could intercept and put in false information. Alternatively, if the connection is made in real time, then the vehicle’s GPS location would be sent, and the vehicle could be tracked.

Defenses

  • Physical Security. To prevent restricted drivers from circumventing the MyKey system, either there must be no unrestricted keys, or they must be kept in a location secure from the restricted drivers.
  • To prevent malicious modification of known speed limits in automated limiters, new data must be entered securely. The best option would be to download new files from a trusted server over a secure connection, and update the device in a similar manner.

Conclusions

Because of the closed nature of the MyKey system, it is likely to be fairly secure against the typical adversary (a teenage driver wising to disable the restrictions), so long as unrestricted keys are kept secure. Breaking the system would involve tampering with an existing key, or manufacturing a false key. Both options are far too costly in time and money for any adversary to undertake, given the incentives, so the risk of such an attack is very low.

I have so far stayed away from the ethical considerations of  a system like the Ford MyKey. Obviously, promoting safe driving to teenagers is a very important issue, but many would see imposing restrictions as going too far. However, Ford does seem to have put some thought into the issue, and the possible restrictions are hardly an issue for day to day driving. 80 mph is a very high speed limit, considering most freeways have a speed limit of 65 or 70 mph. Putting the limit any lower, however, might restrict driving on freeways. And if a teenager is drunk or distracted behind the wheel, going under 80 mph is not going to help all that much. The end result is that, while MyKey is a good idea, and is not likely to be a hinderance, it has nowhere near the effectiveness of simply teaching teenagers good driving practices from the start, and impressing upon them the need to drive safely.

 

Links:

Ford MyKey

Imita Wisepeed

Filed under: Physical Security,Privacy,Security Reviews1 Comment »

1 Comment

  • 1
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Heather Underwood

    February 13, 2009 @ 11:57 am

    As this article points out, http://www.msnbc.msn.com/id/27053080/, another weakness of this system is that it does not lend itself to the dynamic nature of driving. If a car is about to crash into me it might be necessary to go over 80 mph for a short period of time to get out of the way.

    Also, I’m curious about the reversibility or changeability of the key restrictions, because first of all it would be relatively easy to steal a parent’s unrestricted key, but also, if a parent accidentally picked up the restricted key, could they change the settings?

    Finally, I think this is a ridiculous double standard. The every-six-second alarm for unfastened seatbelts will eventually stop for adult drivers who refuse to wear their seat belts, but will obnoxiously continue for younger drivers. A parent should be setting good examples and teenagers should have to prove that they are driving safely in order to keep their driving privileges. It seems like this is a technological solution for bad parenting, and I doubt it will fix the problem.

RSS feed for comments on this post