Sophisticated Car Thefts

[IMDIDOC]

Anybody see this? Has this been addressed for the MME?

https://www.cbsnews.com/news/cars-hacked-stolen-keyless-vehicle-thefts/

Sponsored

 

[Logal727]

Anybody see this? Has this been addressed for the MME?

https://www.cbsnews.com/news/cars-hacked-stolen-keyless-vehicle-thefts/

I mean it’s just a fob repeater, if you’re concerned, put your fob in a faraday bag at night or keep it far away from the vehicle.

 

[IMDIDOC]

I mean it’s just a fob repeater, if you’re concerned, put your fob in a faraday bag at night or keep it far away from the vehicle.

It's a safe distance away, so no worries. It's just amazing how technology can be used in criminal activities. Someone once said if you don't want any risk of having your car stolen, don't own one.

 

[ArthurDOB]

I saw this. Two takeaways:
1: Keep your keys away from the front door.
2: Keep your car in the garage

 

[Mach-Lee]

Ford needs to add motion sensors in the key fobs so they become disabled if they remain stationary for more than a couple minutes.

PAAK may also be susceptible to a Bluetooth relay attack, so I recommend keeping the FordPass app closed (and prevented from running in the background) when not using your vehicle.

 

[Logal727]

PAAK may also be susceptible to a Bluetooth relay attack

I don’t think this is correct. I remember when this came up a while ago, but I’m too lazy to argue about it now lol

 

[Mach-Lee]

I don’t think this is correct. I remember when this came up a while ago, but I’m too lazy to argue about it now lol

Low latency (~8 ms), link level attacks have been developed, which would be very difficult to protect against. They work on Teslas, I would imagine it would also work on Fords too. This attack didn’t exist yet when PAAK was developed.

https://www.bleepingcomputer.com/ne...sla-model-3-y-using-new-bluetooth-attack/amp/

 

[voxel]

I don’t think this is correct. I remember when this came up a while ago, but I’m too lazy to argue about it now lol

Any system that uses BLE without UWB is susceptible to Bluetooth hacking. Digital Key 3.0 system with UWB is supposed to solve the security concerns.

I think Digital Key 1.0 or 2.0 are NFC based... like on my Ioniq 5 and BMW i4 where you have to tap the phone against a specific location on the car (usually door handle).

Tesla, Ford PAAK, Rivian, etc. are all problematic PAAK systems.

 

[Cm12]

Low latency (~8 ms), link level attacks have been developed, which would be very difficult to protect against. They work on Teslas, I would imagine it would also work on Fords too. This attack didn’t exist yet when PAAK was developed.

https://www.bleepingcomputer.com/ne...sla-model-3-y-using-new-bluetooth-attack/amp/

This is why we can’t have nice things.

 

[Motomax]

Glad you finally came out from under your rock lol. This has been an issue since push to start came out.

 

[JohnFoxeSheets]

Ford needs to add motion sensors in the key fobs so they become disabled if they remain stationary for more than a couple minutes.

PAAK may also be susceptible to a Bluetooth relay attack, so I recommend keeping the FordPass app closed (and prevented from running in the background) when not using your vehicle.

Low latency (~8 ms), link level attacks have been developed, which would be very difficult to protect against. They work on Teslas, I would imagine it would also work on Fords too. This attack didn’t exist yet when PAAK was developed.

https://www.bleepingcomputer.com/ne...sla-model-3-y-using-new-bluetooth-attack/amp/

Interestingly Ford could presumably easily enable the motion requirement on the FP app so that PaaK doesn’t work when the phone is stationary. That would go a long way to address PaaK as an attack vector.

 

[Mach-Lee]

Interestingly Ford could presumably easily enable the motion requirement on the FP app so that PaaK doesn’t work when the phone is stationary. That would go a long way to address PaaK as an attack vector.

Yup, the iPhone has the perfect developer parameter for that, so would be easy to implement:

If the phone is stationary for 5 continuous minutes, then it should disable PAAK replies. This would also help avoid 12V battery drains and break ins when people park close to their phone. There would be a learning curve and people would have to be educated about the motion requirement to avoid frustration. For example, if someone has been sitting in their car parked with their phone on the seat for a few minutes, you'd have to pick up your phone before you could start the car.

 

[MellowJohnny]

The solution is not software...it's hardware

https://toronto.citynews.ca/video/2...installing-steel-posts-to-prevent-auto-theft/

This is how bad it is in Toronto right now.

Honestly I think EVs are less likely to be stolen. Thieves want easy, not complicated. Gas is easy. DCFC is hard.

 

[generaltso]

Ford needs to add motion sensors in the key fobs so they become disabled if they remain stationary for more than a couple minutes.

I believe that's a regulatory requirement in the UK. That's why the MMEs there get an old school generic Ford fob.

 

[the golden eel]

I've wondered about this before... If someone were to steal my MME, wouldn't I be able to see where it is in the FordPass app?

Sponsored