Alert on hacking tool (Flipper Zero) being used to steal cars … including A LOT of Fords

[Mach-Lee]

I'm not so sure an unlock key press is required. The key definitely broadcasts evidenced by the car waking up when you walk towards it. Ford could never confirm or deny without risking security, unfortunately.

On the other hand, if I'm the developer of this firmware I wouldn't want to try and make software that can break all the different methods that detect and validate proximity. Hacking a button press seems simpler.

That is intelligent access, and is a different interrogation/reply cryptography than the basic rolling code remote function commands. That is also hackable with a relay attack, but that's a completely different method than the flipper attack.

Again, this specific vulnerability only applies when you are using the remote buttons on the key fob. So if you don't press the buttons on the fob, you will be safe. And actually it requires recording two subsequent key presses, so if you only press lock or unlock one time, you'd also be safe.

It doesn't seem like very many Mach-E owners use the buttons on their key fob (everybody uses PAAK or IA), so this is probably a minor thing for us.

We also don't know which specific Ford vehicles are vulnerable to it. It can vary a lot.

Sponsored

 

[ipca204]

It doesn't seem like very many Mach-E owners use the buttons on their key fob (everybody uses PAAK or IA), so this is probably a minor thing for us.

We also don't know which specific Ford vehicles are vulnerable to it. It can vary a lot.

Wait...What??? YOu think the majority of people are NOT using the FOB? I will 100% Guarantee that the majority of Mach-E owners are indeed using the FOB. Now, if you are talking about forum members here (which is a fraction of the total number of owners) you may be right...but I still doubt it. Poll anyone?..lol

 

[Trekkie101]

It's maybe the same problem (and solution) as posted by @Trekkie101 in Mach E branded keys back in stock... The solution may be to replace all key fobs with ones that contain a motion sensor. So they only respond to car pings when picked up.

Ford do (in the UK) use motion sensors to stop relay/replay attacks.

https://www.ford.co.uk/support/how-...arms/how-does-the-motion-sensing-key-fob-work

Although it seems this hack uses a form of keychain prediction from what others have written to unlock the car. If that’s the case - I’m not really sure what you’d be able to do to defend against it easily.

That said - I don’t think you’d be able to start the car as it’ll still look for a key certificate with one of the two paired keys or require PAAK (outside UK).

So they may be able to get in it but not move it? I am unsure and have no details though - just speculating.

 

[Mach-Lee]

If that’s the case - I’m not really sure what you’d be able to do to defend against it easily.

Avoid using the key fob buttons. Keep the fob in your pocket and use the buttons on the door only. Or just use PAAK which is immune.

So they may be able to get in it but not move it? I am unsure and have no details though - just speculating.

Correct, it won't start. Unless you are foolish enough to keep a hidden key fob inside your car, which they could find and use, even with the battery removed.

 

[HuntingPudel]

Wait...What??? YOu think the majority of people are NOT using the FOB? I will 100% Guarantee that the majority of Mach-E owners are indeed using the FOB. Now, if you are talking about forum members here (which is a fraction of the total number of owners) you may be right...but I still doubt it. Poll anyone?..lol

Lee didn’t say that people are not using the physical key. He said that MME owners are likely not using the physical buttons on the key and relying on Intelligent Access.

 

[E90alex]

No sense in losing sleep over this. This still requires specific hardware and software and has to be a targeted attack.

If someone really wanted something inside your car they could just smash the window. If someone really wants to take your car they can tow it away.

This isn’t like the Hyundai/Kia boys the last few years where it’s just kids taking random cars for joyrides with no cost and no effort.

 

[hellb0y]

Dare I say, 100% of keyless vehicles can be hacked this way lol….

I would be losing sleep over having a Toyota or Lexus in my garage - takes literally one minute with a CANBUS in your hands…

method: unplug the driver’s headlight, hook it up to the external CANBUS and happy driving. This attack is being wildly used many areas already and insurance companies recommend that Toyota owners by a steering wheel lock

 

[Mach1E]

No sense in losing sleep over this. This still requires specific hardware and software and has to be a targeted attack.

If someone really wanted something inside your car they could just smash the window. If someone really wants to take your car they can tow it away.

This isn’t like the Hyundai/Kia boys the last few years where it’s just kids taking random cars for joyrides with no cost and no effort.

This^^

If someone wants in (and this goes for your house as well) they’ll get in.

Just don’t make it easy for them.

What can you do? Lock your doors.

A top of the line security system for your house for example can be “beaten” by a $2 face mask, $1 pair of gloves and a $5 crow bar.

 

[ipca204]

Lee didn’t say that people are not using the physical key. He said that MME owners are likely not using the physical buttons on the key and relying on Intelligent Access.

I know what he said, but I will stand by my quote that the MAJORITY of Mach-E owners absolutely do use the fob for unlocking (and locking) the car versus other methods. The fob has been around forever and tons of people, especially the ...ahemmm....older crowd are just used to using one.

 

[Space_Pony]

I use a locked garage, 500 ft. off the road with a German shepherd inside the garage.

 

[E90alex]

I know what he said, but I will stand by my quote that the MAJORITY of Mach-E owners absolutely do use the fob for unlocking (and locking) the car versus other methods. The fob has been around forever and tons of people, especially the ...ahemmm....older crowd are just used to using one.

Actually clicking the fob button uses a different mechanism than using the passive entry system where you just keep the fob in your pocket and press the door button or touch the lock area.

I don’t think majority of Mach-E owners are fishing the fob out of their pocket and actually clicking the buttons. They are just relying on passive entry.

 

[Kamuelaflyer]

I know what he said, but I will stand by my quote that the MAJORITY of Mach-E owners absolutely do use the fob for unlocking (and locking) the car versus other methods. The fob has been around forever and tons of people, especially the ...ahemmm....older crowd are just used to using one.

No. Every "older" mme owner I know, save one, exclusively uses paak. The one that doesn't uses IA. Try again.

 

[BlueWhale]

No. Every "older" mme owner I know, save one, exclusively uses paak. The one that doesn't uses IA. Try again.

Honest question. How many Mach E owners do you know? Just curious, because I don't know any.

Either way though, neither of you know whether the majority of Mach E owners use PaaK vs. fob. Best I could find was a 2020 survey (who knows the quality of the survey) suggesting 40% said they planned on using PaaK. I will say anecdotally (which doesn't mean much) you can find quite a few reports of people specifically not using PaaK due to reliability issues. But again, there is no empirical evidence that I have found that would allow anyone to make a conclusion about who is using which.

 

[AnimalChin]

Address Resolution Protocol Spoofing. Old as time itself. It won't work unless you have never updated your firmware.

 

[Mach1E]

Honest question. How many Mach E owners do you know? Just curious, because I don't know any.

Either way though, neither of you know whether the majority of Mach E owners use PaaK vs. fob. Best I could find was a 2020 survey (who knows the quality of the survey) suggesting 40% said they planned on using PaaK. I will say anecdotally (which doesn't mean much) you can find quite a few reports of people specifically not using PaaK due to reliability issues. But again, there is no empirical evidence that I have found that would allow anyone to make a conclusion about who is using which.

Ford knows.

But I would also bet the fob is used more frequently than PAAK. Maybe time for a survey?

Sponsored