OTA vulnerability?

[prius2pony]

I’ve done very little research, so I’m crowdsourcing for a basic answer here. I heard about a problem at Tesla a week or so ago that prevented all (?) Tesla owners from being able to start their cars until the mothership problem was resolved. Is the Mach-e susceptible to this sort of problem? And I know it’s an entirely different issue, but what are the security vulnerabilities —e.g. the possibility a bad actor could hack your car while you’re driving it?

Sponsored

 

[DaveRuns]

I’ve done very little research, so I’m crowdsourcing for a basic answer here. I heard about a problem at Tesla a week or so ago that prevented all (?) Tesla owners from being able to start their cars until the mothership problem was resolved. Is the Mach-e susceptible to this sort of problem? And I know it’s an entirely different issue, but what are the security vulnerabilities —e.g. the possibility a bad actor could hack your car while you’re driving it?

The issue was people couldnt get into their cars via the app. Shouldn't be an issue for Mach-E, since you can use the pin code on the pillar to get in, and use the pin code on the screen to start the car.

 

[JellyBelly]

The issue was people couldnt get into their cars via the app. Shouldn't be an issue for Mach-E, since you can use the pin code on the pillar to get in, and use the pin code on the screen to start the car.

Or with the keyfob I assume?

 

[JellyBelly]

I’ve done very little research, so I’m crowdsourcing for a basic answer here. I heard about a problem at Tesla a week or so ago that prevented all (?) Tesla owners from being able to start their cars until the mothership problem was resolved. Is the Mach-e susceptible to this sort of problem? And I know it’s an entirely different issue, but what are the security vulnerabilities —e.g. the possibility a bad actor could hack your car while you’re driving it?

I do think cybersecurity vulnerabilities exist with all these devices (cars) - we have to hope Ford is being as vigilant as they can be and has redundant systems to at least drive the car from A to B. If there is a feature to block OTA updates that is a benefit in case of a concern - OTA update is one of the biggest sources of such vulnerabilities - but not much is known at this time. There may be other avenues where in the vehicle is communicating with some other site that is not yet apparent.

 

[timbop]

I do think cybersecurity vulnerabilities exist with all these devices (cars) - we have to hope Ford is being as vigilant as they can be and has redundant systems to at least drive the car from A to B.

It is absolutely a vulnerability, and always will be. There's no 100% foolproof defense.

 

[jhalkias]

Nothing is foolproof. That is a given. However, Tesla did some pretty stupid things (from my perspective). No Key fob. No other access way other than a phone or a "card".

However, beyond this, that event also pinpointed a weakness of the Supercharger network. It was down too. Since all communication with the charger happens with the connection to the car - no screen or payment buttons on the chargers themselves - people were stranded with the inability to also fuel their vehicles. In urban areas where Tesla owners don't have L2 chargers and rely on the network, this caused havoc.

Although some I KNOW will disagree . . . such simplicity and lack of redundancy can backfire.

 

[Jolteon]

I’ve done very little research, so I’m crowdsourcing for a basic answer here. I heard about a problem at Tesla a week or so ago that prevented all (?) Tesla owners from being able to start their cars until the mothership problem was resolved. Is the Mach-e susceptible to this sort of problem? And I know it’s an entirely different issue, but what are the security vulnerabilities —e.g. the possibility a bad actor could hack your car while you’re driving it?

That's not what happened.

Tesla owners couldn't *remote* start their cars, or use app controls because the server went down.

Tesla's Phone-as-key does not require internet connection on the car or on the phone.

I assume Ford's is the same way.

 

[Jolteon]

Nothing is foolproof. That is a given. However, Tesla did some pretty stupid things (from my perspective). No Key fob. No other access way other than a phone or a "card".

However, beyond this, that event also pinpointed a weakness of the Supercharger network. It was down too. Since all communication with the charger happens with the connection to the car - no screen or payment buttons on the chargers themselves - people were stranded with the inability to also fuel their vehicles. In urban areas where Tesla owners don't have L2 chargers and rely on the network, this caused havoc.

Although some I KNOW will disagree . . . such simplicity and lack of redundancy can backfire.

I mean I think you'll find the Mach-E has no mechanical key either...

The fob is exactly the same as phone-as-key, both are offline solutions.

The fob on the Mach-E is wasted money, nothing more.

The Mach-E has a fob, Phone-as-key, and SecuriCode PIN on the door + PIN to drive.

Redundancy is good, triple redundancy is unnecessarily expensive.

I can guarantee you my fob will be left at home. I wish Ford would provide a card instead.

 

[jhalkias]

I mean I think you'll find the Mach-E has no mechanical key either...

The fob is exactly the same as phone-as-key, both are offline solutions.

The fob on the Mach-E is wasted money, nothing more.

The Mach-E has a fob, Phone-as-key, and SecuriCode PIN on the door + PIN to drive.

Redundancy is good, triple redundancy is unnecessarily expensive.

I can guarantee you my fob will be left at home. I wish Ford would provide a card instead.

Is there a panic button on that Tesla card?
I tell both my wife and daughter when in large parking lots at night to keep the fob in their hand with that button handy.
Maybe Tesla has it on their phone app? I know it would be super convenient to tell the mugger to wait while you open your phone, access the app, and push that button.

Sometimes your use case is not everyone's use case. Kind of like the on-off button that has been discussed.

 

[methorian]

I love the triple redundancy personally. I can keep my fob in my backpack as backup for most work days, and to have available to quickly let a family member/friend drive if necessary. PaaK for most of my driving, and PIN as the ultimate backup when I somehow don't have my phone or fob handy.

 

[RyZt]

The Mach-E has a fob, Phone-as-key, and SecuriCode PIN on the door + PIN to drive.

Redundancy is good, triple redundancy is unnecessarily expensive.

I can guarantee you my fob will be left at home. I wish Ford would provide a card instead.

My workplace hasn't reopened offices yet. Prior to COVID, my office provides valet, who park the cars along one side of aisles in the parking lot. Otherwise, there isn't enough parking at my workplace. If I get to the office late in a day (after or around 11ish), I'd have no choice but to use it.

* Card is ideal for valet.
* PIN is great for backup when PaaK doesn't work, but I don't know how well it will work for valet. (Write down two lines of number on the valet tickets? That feels too much hassle for me and for the valet.)
* I certainly don't want to keep fob in my pocket just for occasional use of valet. I suppose I could get a faraday bag for fobs, and hide the fob in my car. But I don't like that idea. EDIT: I saw @methorian replied about keeping the fob in the backpack. Nice idea. My fob will be in a faraday bag in my backpack.

 

[methorian]

My workplace hasn't reopened offices yet. Prior to COVID, my office provides valet, who park the cars along one side of aisles in the parking lot. Otherwise, there isn't enough parking at my workplace. If I get to the office late in a day (after or around 11ish), I'd have no choice but to use it.

* Card is ideal for valet.
* PIN is great for backup when PaaK doesn't work, but I don't know how well it will work for valet. (Write down two lines of number on the valet tickets? That feels too much hassle for me and for the valet.)
* I certainly don't want to keep fob in my pocket just for occasional use of valet. I suppose I could get a faraday bag for fobs, and hide the fob in my car. But I don't like that idea. EDIT: I saw @methorian replied about keeping the fob in the backpack. Nice idea. My fob will be in a faraday bag in my backpack.

The Mach-E will also have a Valet option, though I do not know how it works. I assume it provides a temporary PIN for Valet only, which should limit what the driver could do while driving with a Valet PIN.

I'd also assume you could use the FordPass app to disable the Valet PIN/etc.

 

[zhackwyatt]

The Mach-E will also have a Valet option, though I do not know how it works. I assume it provides a temporary PIN for Valet only, which should limit what the driver could do while driving with a Valet PIN.

That's exactly how it works.

I'd also assume you could use the FordPass app to disable the Valet PIN/etc.

That, I don't know.

 

[ChasingCoral]

The Mach-E will also have a Valet option, though I do not know how it works. I assume it provides a temporary PIN for Valet only, which should limit what the driver could do while driving with a Valet PIN.

I'd also assume you could use the FordPass app to disable the Valet PIN/etc.

We don't know about limiting actions but I like the fact that you assign your own PIN. Usually when a valet walks up, they hand you a ticket stub with a number. You can just input that number:

 

[RyZt]

We don't know about limiting actions but I like the fact that you assign your own PIN. Usually when a valet walks up, they hand you a ticket stub with a number. You can just input that number:

The photo you showed is the PIN to disable valet mode (i.e. to remove valet restrictions). This is not a code that you will give to valet.