Building Vinli with Security at its Core

September 12, 2015

We’ve heard a lot of concern lately about the security of connected cars. It’s not a new concern for us. At Vinli, we’ve been focused on security from the beginning as a fundamental pillar of the system rather than an afterthought. We had the opportunity to study systems that came before us and learn their vulnerabilities so that we could future-proof Vinli’s security features.

Security is not only at the heart of Vinli, it’s also core to my own background. I began my life in the US 10 years ago designing a connected car system for the US Military. The platform allowed the military to collect information from vehicles in the battlefield and send that information to the command center in real time. The top priority the military demanded at the start of this project was security. Once we nailed down security, only then could we even begin discussing other features and capabilities.

At Vinli, we took that same approach and made security the top priority to implement for the consumer. That thought process was built into the entire architecture, development and implementation of our product. Every time a new feature is introduced, the first question we ask ourselves is What security threats and vulnerabilities could this open up? We have to do a lot of trade-offs when we’re designing the hardware and software. But the one thing we never trade off on is security.

Building Vinli With Security At Its Core from Vinli on Vimeo.

We call our approach to protecting users Vinli Shield Technology. It works in three layers:

  1. Active Protection: Potential hacking or sending of malicious code to Vinli devices is blocked at the hardware level so that unauthorized data cannot be sent to the engine. That means we have electrically disabled any ability for the Vinli device to control the workings of the car. It is impossible to use Vinli to control the brakes, gas, steering, engine, or any other mechanical system of the car, because the physical connections to the computer controls for these parts do not exist.
  2. Firmware Protection: Vinli’s software also lacks any capacity to influence the operation of the car. Vinli can only collect data from the engine and other mechanical systems, not send arbitrary commands to them. And our encryption meets strict industry standards for data security.
  3. Vinli Authentication and Privacy: No one can read the Vinli device’s data without passing through a multi-stage authentication process. Vinli requires an app to receive explicit permission from the user through an OAuth process, which is both secure and familiar to most users (Facebook, Twitter or Google login, for instance). Vinli users always have complete control over access to their data. The user has the capability through the MyVinli application to revoke this access at any time.

Several legislative proposals are currently being considered for standardizing the security requirements of connected-car systems. Rather than wait and see what these regulations say, we’ve planned from the beginning to meet the highest possible standards for security, so Vinli will be in compliance from day one. We wouldn’t use it ourselves if that wasn’t true, let alone sell it to you.

As more cars become connected, security is something we must absolutely address. We are playing our part as innovators in this space and it’s up to everyone in this industry to ensure the safety of drivers and passengers on the road. 

- Mark Haidar, CEO at Vinli 

  • engineering