Bluetooth Vulnerability - Paak Related

GoGoGadgetMachE


Logal727


JamieGeek

Odd that the autoblog article says "hundreds of miles away" but the original Reuters article does not.

Given that BLE is a short ranged protocol I wouldn't expect this to work from "hundreds of miles away" without some sort of relay.
 


JohnFoxeSheets

Odd that the autoblog article says "hundreds of miles away" but the original Reuters article does not.

Given that BLE is a short ranged protocol I wouldn't expect this to work from "hundreds of miles away" without some sort of relay.
Exactly. In the Technical Advisory their test setup is disclosed, and as you would expect, there needs to be devices in relatively close proximity to both the user's PaaK phone and the car:

"In the test setup, the iPhone was placed on the top floor at the far end of a home, approximately 25 metres away from the vehicle, which was in the garage at ground level. The phone-side relaying device was positioned in a separate room from the iPhone, approximately 7 metres away from the phone. The vehicle-side relaying device was able to unlock the vehicle when placed within a radius of approximately 3 metres from the vehicle."

So while theoretically the person stealing the car could have an accomplice situated near the owner's phone hundreds of miles away, in practice this is hard to see being practical. Would make for a good James Bond movie, but not likely much else.

That said, I agree that BLE is being used for things beyond its intended purpose.
 

dtbaker61

Fortunately, my android phone gives me the ability to customize when PAAK is active. I set my PAAK to only activate if I manually open the FordPass app. Good luck hackers. That's one more barrier for them.
I typically turn off either/both BT and FordPass when I'm not driving.....
 

GoGoGadgetMachE

Odd that the autoblog article says "hundreds of miles away" but the original Reuters article does not.

Given that BLE is a short ranged protocol I wouldn't expect this to work from "hundreds of miles away" without some sort of relay.
There is a relay. It's why it's not too different than the keyfob attack ultimately.
 

RickMachE


Polar

Well - yes.
But it’s a passcode and it’s tied to but separate from PAAK.

So have your door pin and startup passcode working and close out FordPass/Bluetooth on your phone and pin/passcode only car access.
 

dtbaker61

Can we just set a PIN to drive like this?

PIN to drive
I suppose you could set up PAAK initially, set your Backup code, and then disable PAAK by deleting the second BT connection that gets set up for your PAAK, and always use the BackupCode after you set it up.... basically a PIN that is stored in the car's computer and has to be entered on screen.

This might also kill ALL the FordPass functionality from your phone, but it would be more secure?!
 

dtbaker61

Exactly. In the Technical Advisory their test setup is disclosed, and as you would expect, there needs to be devices in relatively close proximity to both the user's PaaK phone and the car:

"In the test setup, the iPhone was placed on the top floor at the far end of a home, approximately 25 metres away from the vehicle, which was in the garage at ground level. The phone-side relaying device was positioned in a separate room from the iPhone, approximately 7 metres away from the phone. The vehicle-side relaying device was able to unlock the vehicle when placed within a radius of approximately 3 metres from the vehicle."

So while theoretically the person stealing the car could have an accomplice situated near the owner's phone hundreds of miles away, in practice this is hard to see being practical. Would make for a good James Bond movie, but not likely much else.

That said, I agree that BLE is being used for things beyond its intended purpose.

aha.... so when walking away from the car, it *would* be more secure to either close FordPass, and/or disable BT on your phone.... re-enabling upon approach and while driving.
 

AllenXS

No report on how many have actually been stolen, it's still a possibility?