My Mach-E Was Stolen

DevSecOps

Just wondering if any of you who deliberately leave (and hide) your fob in the car, relying on the combo on the driver's door for locked exit and subsequent entry, also take the additional step of putting that fob in a Faraday cage before concealing it somewhere within the car..?
Do you know where to get any that are small that are also ruggedized? All of the ones I've seen are just bags that could easily be cut open. Then of course there's ones that look like vaults. If you know where to get one that's small and rugged let us know.

Kabish

Right and who's gonna have the master key to reset it when someone loses the 2FA? We gonna have to go to the CHP to verify identity to get a recovery?
I mean, you are apparently in IT Security, it's not rocket science. You could use as little as an SMS message to the registered PAAK device(s). Or require your PAAK door code to be entered, or even your backup start password. That would allow anyone with a registered PAAK to receive the message to authenticate and remove a device.

Nice way to cherry pick one of my many examples.
I did not realize I was going to be drilled on the forums tonight, sorry, next time I'll pick a better topic just for you. Maybe I'll find a post about how not to be an elitist ass clown. I've known a few repo guys, retired military, not the people you really want to mess with. So it just made me laugh when I read that so it was on my mind.

If they can spoof or relay then they can jam or remove the modem
A 12-year-old can relay a fob after watching a 5-minute YouTube video. My reason for that statement is that someone could relay the fob, remove the PAAK and then just drive off to the sunset because it's incredibly easy to do. Ford is not going to track the car for recovery, the police are not going to track the car for recovery. As you said, that is what insurance is for and LoJack systems are for. Could it hypothetically be tracked, sure but not for some average Joe.

End of the day, if someone wants to steal your car it's going to get stolen, hands down. The goal in security is to make you less of a target by putting measures in place to make the thief go to another target. The OP has shown a weakened aspect of the car's security that other owners might have also thought they could use in case their car was stolen. I don't see the big deal on discussing it.
 

Kabish

Seems like a good idea. That would prevent anyone who gained entry from simply driving away, as the fob must first be removed from the cage to communicate and be used with the vehicle.
Don't worry about Mr Grump pants, not sure what his deal is. Only ignored one person on this forum, with him being my second.

As far as your question, yes, you could HIDE (the part Mr grumpy pants failed to read) your fob in a bag. This would prevent someone from just breaking your glass and jumping into your car and pushing the start button.

There is a little bit of a downside to that though. There are people on this forum that use a bag, myself included but I use it for my fob at home, but they use it as a backup to PAAK. So they tuck the fob into the bag and then put it in a good hiding spot. That way if their PAAK fails they can hope the PAAK code or factory code will open the door which will allow them to get to their key. Using it for daily or even casually opening/closing of the bag will eventually allow it to start leaking out a signal. The bags really aren't made for frequent opening/closing unless maybe you go all out and buy some crazy expensive bag.
 

DevSecOps

I mean, you are apparently in IT Security
Yes I am and if you understood the profession you would know that 2FA is never a solution for negligence. I preach 2FA all day every day, but if you think about what 2FA secures it's always PII and information that can harm people or their lives. We don't have extreme security in datacenters to protect the equipment, we have it to protect the data contained within. The data that has information, that in the wrong hands can harm people. As a point of argument SMS is about the worst 2FA on earth especially given the recent data breach with Syniverse. Lastly, PaaK and the user codes aren't required to have the car added to FP. I don't think we have any confirmation from the OP that he had PaaK activated. I'm not against having 2FA but there has to be a level of personal responsibility.

Theft of a vehicle is not harming anyone. We have insurance and other means to replace the car. Having a device in the car that could be used to track someone without the ability to remove it is normally classified as dangerous. Recently there was a guy who placed an AirTag on a girl's car and he was charged with a crime for stalking that person. If the guy had this ability via an app and he was the only one with the 2FA how would that be different? There's a balance that has to be struck in security and that's not always easy, there's always tradeoffs. Connected cars are an upcoming challenge and we'll eventually strike a balance.

Up until recently even Tesla had the ability to reset the car and remove the phone. This was changed but the major difference is that Tesla has a registry of owners. When you sell your Tesla you have to update that registry with them, just like the DMV. I personally think that's a little over the top. Tesla can also track cars and can actually drive and manipulate the cars from their HQ. I and many others in the IT Security world have serious concerns about this. Tesla has confirmed that they will eventually be able to repo cars via FSD and just drive the cars back to them. Again many of us have concerns over this.

As for my comment to @WildfireOne which you took hilariously wrong, I asked a simple question of them which I think is completely valid. Where could I get one of these? If someone locks their key in the car and a window is broken then I don't see why you think a Faraday bag is going to do anything. Once they obtain the key, if they find it, they can just drive away with the car once it's out of the bag. This is why I asked if there was a rugged version that couldn't be easily opened. If a FOB is locked in the car the car disables the recognition of the FOB until it's unlocked, but it doesn't disable the actual key presses of the FOB.

If you're ever in Sacramento let me know I'll take you out for a drink, since it looks like you need to relax a bit.
 

Jonno21

Might just be a UK thing but my insurance is invalidated if the car is stolen with the key in the car for obvious reasons, so no payout. The door code facility makes no difference.
 


67 Stang Convertible

OP, That sucks for you!!! Hopefully insurance will reimburse. I'm with the poster that hopes you don't find the car. Take the insurance money and get a GT!!!

ps. why was there damage to other cars around it? And if they hit other cars while moving your MME; no one heard that?? Damn wish I slept as sound.
 

Kandiru

Very sorry to hear, vehicles missing more than 24h usually will be non-driveable but do not despair, a friend had his car returned from 3 states away a month later with major aftermarket upgrades (no parcel shelf brakelit crown though).

Gangs use juvies for serial crimes, all know slate will be wiped clean at 18yo, and in true US tradition, parents bear absolutely no responsibility for their crimes.

After a number of thefts Teslas finally got PIN to drive and open glovebox about a year ago, however I had to go third party 3D printed locks for the rear backrest with warning notice on quarter panel window, as once smashed they can get into the trunk.
 

Kamuelaflyer

Just wondering if any of you who deliberately leave (and hide) your fob in the car, relying on the combo on the driver's door for locked exit and subsequent entry, also take the additional step of putting that fob in a Faraday cage before concealing it somewhere within the car..?

Seems like a good idea. That would prevent anyone who gained entry from simply driving away, as the fob must first be removed from the cage to communicate and be used with the vehicle.

Just a thought.
I use a faraday bag when the fob is in the car. The fob is never left in the car without being in a faraday bag and well hidden. I also do not hide it in any obvious locations. It’s not in the glovebox, center console, underneath the charging tray, in a seatback pocket or under a mat. Use your imagination, there are some really good hiding spots.



Faraday Bag for Key Fob (2 Pack), TICONN Faraday Cage Protector - Car RFID Signal Blocking, Anti-Theft Pouch, Anti-Hacking Case Blocker (Carbon Fiber https://www.amazon.com/dp/B07MDF5TX9/ref=cm_sw_r_cp_apip_YTo2mqQOH94iK
 

RonTCat

Woke up early yesterday morning to find that my Mach-E had been stolen. Whoever stole it knew enough to delete my phone as a key (why is there no 2FA before deletion?), but not enough to take it without damaging other vehicles around it.

The deputy they sent out sounded pretty sure they'd find it and that it was a question of when and not if, but the answers I've been getting from since then aren't filling me with confidence.

I've contacted Ford support and they assured me there is no way to track the vehicle, but that doesn't make any sense to me considering the Vehicle Location functionality in the FordPass app. All they said I could do was make a modem log request - through mail no less - to the Office of the General Counsel.

I've also tweeted at Ford to try to get some more information but I figured I'd post here too to see if there's anything else that can be done. The detectives are actually waiting for me to get them more information.

I'd appreciate any info/advice!
Just tell your local law enforcement to contact Ford and request the vehicle location. This is common, and done all the time.
 

Thesmoothdome

Well that's dumb ... what's the point of locking your FOB in the car? What use case is there for that? Wouldn't it just unlock immediately because the key is present?
Plenty of uses. I race bicycles. When I'm racing, I don't want a key fob or a phone in my jersey. Landing on them in the event of a crash is painful, especially given the size of this fob, and carrying a $1200 phone in this situation is just stupid. I'm sure surfers, competitive runners, and people wearing yoga pants feel the same way.
 

Mach1E

I use a faraday bag when the fob is in the car. The fob is never left in the car without being in a faraday bag and well hidden. I also do not hide it in any obvious locations. It’s not in the glovebox, center console, underneath the charging tray, in a seatback pocket or under a mat. Use your imagination, there are some really good hiding spots.



Faraday Bag for Key Fob (2 Pack), TICONN Faraday Cage Protector - Car RFID Signal Blocking, Anti-Theft Pouch, Anti-Hacking Case Blocker (Carbon Fiber https://www.amazon.com/dp/B07MDF5TX9/ref=cm_sw_r_cp_apip_YTo2mqQOH94iK
Thanks for the link!

Gotta love the auto-translation they used on that Amazon posting:

signal transmitted and lead to car stolen

Put your car key into the inner pocket, but the outer pocket.

Put your car key into Faraday bag after to protect your car.

It provides signal blocking functions as well as a luxurious fashionable appurtenance

——-

I feel like those just aren’t quite the words they were going for. Price is good though!

Edit: I read some of the reviews and wouldn’t recommend this bag. Too many red flags-

Badly translated English- red flag

7,000+ global reviews- huge red flag they pay people for fake reviews

Dozens of US 1 star reviews- tons of people saying it doesn’t work or quits working after a few weeks. These would be the reviews I trust.
 

Aquar33f

Yes I am and if you understood the profession you would know that 2FA is never a solution for negligence. I preach 2FA all day every day, but if you think about what 2FA secures it's always PII and information that can harm people or their lives. We don't have extreme security in datacenters to protect the equipment, we have it to protect the data contained within. The data that has information, that in the wrong hands can harm people. As a point of argument SMS is about the worst 2FA on earth especially given the recent data breach with Syniverse. Lastly, PaaK and the user codes aren't required to have the car added to FP. I don't think we have any confirmation from the OP that he had PaaK activated. I'm not against having 2FA but there has to be a level of personal responsibility.

Theft of a vehicle is not harming anyone. We have insurance and other means to replace the car. Having a device in the car that could be used to track someone without the ability to remove it is normally classified as dangerous. Recently there was a guy who placed an AirTag on a girl's car and he was charged with a crime for stalking that person. If the guy had this ability via an app and he was the only one with the 2FA how would that be different? There's a balance that has to be struck in security and that's not always easy, there's always tradeoffs. Connected cars are an upcoming challenge and we'll eventually strike a balance.

Up until recently even Tesla had the ability to reset the car and remove the phone. This was changed but the major difference is that Tesla has a registry of owners. When you sell your Tesla you have to update that registry with them, just like the DMV. I personally think that's a little over the top. Tesla can also track cars and can actually drive and manipulate the cars from their HQ. I and many others in the IT Security world have serious concerns about this. Tesla has confirmed that they will eventually be able to repo cars via FSD and just drive the cars back to them. Again many of us have concerns over this.

As for my comment to @WildfireOne which you took hilariously wrong, I asked a simple question of them which I think is completely valid. Where could I get one of these? If someone locks their key in the car and a window is broken then I don't see why you think a Faraday bag is going to do anything. Once they obtain the key, if they find it, they can just drive away with the car once it's out of the bag. This is why I asked if there was a rugged version that couldn't be easily opened. If a FOB is locked in the car the car disables the recognition of the FOB until it's unlocked, but it doesn't disable the actual key presses of the FOB.

If you're ever in Sacramento let me know I'll take you out for a drink, since it looks like you need to relax a bit.
Woke up early yesterday morning to find that my Mach-E had been stolen. Whoever stole it knew enough to delete my phone as a key (why is there no 2FA before deletion?), but not enough to take it without damaging other vehicles around it.

The deputy they sent out sounded pretty sure they'd find it and that it was a question of when and not if, but the answers I've been getting from since then aren't filling me with confidence.

I've contacted Ford support and they assured me there is no way to track the vehicle, but that doesn't make any sense to me considering the Vehicle Location functionality in the FordPass app. All they said I could do was make a modem log request - through mail no less - to the Office of the General Counsel.

I've also tweeted at Ford to try to get some more information but I figured I'd post here too to see if there's anything else that can be done. The detectives are actually waiting for me to get them more information.

I'd appreciate any info/advice!
Just wondering between a (somewhat) working PAAK solution, door pin code, and separate startup pin code, in the cases where one would need to hide or leave a key, don’t the other methods provide enough options to not have to leave the fob anymore? Or the minor inconvenience of the start up pin is a reasonable trade off for security I would think…
 

RickMachE

I believe one can simply wrap the phone / fob in plastic, then in aluminum foil (multiple layers possibly), and not have any issues.

Of course, there are simple things to wear around your neck or strap to your arm / leg to hold your fob/phone, including waterproof ones, therefore there is no reason to ever leave either in the vehicle.

We went to Hawaii years ago, and went snorkeling. I made phone calls to people from over a mile out in the water, floating...

I would never leave either in my vehicles.
 

Timelessblur

Thanks for the link!

Gotta love the auto-translation they used on that Amazon posting:

signal transmitted and lead to car stolen

Put your car key into the inner pocket, but the outer pocket.

Put your car key into Faraday bag after to protect your car.

It provides signal blocking functions as well as a luxurious fashionable appurtenance

——-

I feel like those just aren’t quite the words they were going for. Price is good though!

Edit: I read some of the reviews and wouldn’t recommend this bag. Too many red flags-

Badly translated English- red flag

7,000+ global reviews- huge red flag they pay people for fake reviews

Dozens of US 1 star reviews- tons of people saying it doesn’t work or quits working after a few weeks. These would be the reviews I trust.
To be fair you can make your own for next to nothing. All it takes is some aluminum foil and wrapping it around the key. That is going to work just as well. Mind you it looks like garbage but it still works.
 
