PaaK Question/Annoyance

PaaK_Android

Well-Known Member
First Name
Gage
Joined
Nov 29, 2021
Threads
0
Messages
50
Reaction score
102
Location
North America
Vehicles
Mach-e, Lincoln Aviator
Occupation
Lead PaaK Android Developer
Country flag
Thanks!

I'm not sure I understand why the concept of I, as the vehicle owner, being able to give another person a (time-limited) guest key to my vehicle would be considered irresponsible?

Here’s a real-world example: a very good friend is visiting and staying at my home for a few weeks. I’ve established “guest codes” on the electronic locks at my home for him to use. Ideally, I’d like the option to go into FordPass or my Ford account, and generate a key to my Mustang Mach E that I can send him which he can use, until I revoke the key. FordPass doesn’t have that functionality. Instead, he had to create an account on ford.com, enter my vehicle VIN and set up a key with the fob in the vehicle just as I do as the vehicle owner. Now, I have no control over the key he created and, from Ford’s perspective, he is a vehicle owner, just like me. This is actually less secure.
Currently our servers do not support the concept of an owner key/owner account. Granting the ability to remove keys for everyone who has access to the vehicle would be irresponsible at best. That level of control should only be for the owner, but because we can't tell who the owner is, we can't grant this permission to anyone.

 

scoopman

Well-Known Member
Joined
Jan 30, 2021
Threads
60
Messages
2,771
Reaction score
5,816
Location
Bay Area
Vehicles
2023 KIA EV6 GT, 20214 Hyundai Ioniq 5 Ltd AWD
Occupation
former electric pony jockey, flatbed towing expert
Country flag
Currently our servers do not support the concept of an owner key/owner account. Granting the ability to remove keys for everyone who has access to the vehicle would be irresponsible at best. That level of control should only be for the owner, but because we can't tell who the owner is, we can't grant this permission to anyone.
It also raises all sorts of non-technical issues such as which person should be able to be the "owner". Before all of these latest advancements with digital-only access, the FOB ("what you have") was seen as enough to authenticate and control access. There are a lot of complex social issues to work through such as when couples break up, hacking an admin account and using this to steal a car, etc etc etc .....
 
OP
Jimrpa

Well-Known Member
First Name
Jim
Joined
Sep 10, 2020
Threads
297
Messages
9,524
Reaction score
12,859
Location
Wayne, PA
Vehicles
2021 Infinite Blue Premium Mustang Mach E ER AWD
Occupation
Retied (formerly tried to herd highly technical, independent cats)
Country flag
Currently our servers do not support the concept of an owner key/owner account. Granting the ability to remove keys for everyone who has access to the vehicle would be irresponsible at best. That level of control should only be for the owner, but because we can't tell who the owner is, we can't grant this permission to anyone.
I understand that. I realize that it would require a big redesign but @Ford Motor Company has a HUGE security hole right now. Many people are using their fobs. Frankly, a lot of people use their fobs instead of the very cumbersome “valet mode”. Under the current system architecture, once I hand a valet, or anyone, my fob, from Ford’s perspective, they’re an “owner” of the vehicle (think through this carefully to see what I mean). I think that hole needs to be closed at a minimum by implementing some form of 2FA.
 

macchiaz-o

Well-Known Member
First Name
Jonathan
Joined
Nov 25, 2019
Threads
171
Messages
8,579
Reaction score
15,987
Location
}not/A/gr8'Place.2.store-mEyePassword{
Vehicles
MY21 J1 Premium RWD SR
Country flag
I understand that. I realize that it would require a big redesign but @Ford Motor Company has a HUGE security hole right now. Many people are using their fobs. Frankly, a lot of people use their fobs instead of the very cumbersome “valet mode”. Under the current system architecture, once I hand a valet, or anyone, my fob, from Ford’s perspective, they’re an “owner” of the vehicle (think through this carefully to see what I mean). I think that hole needs to be closed at a minimum by implementing some form of 2FA.
I don't disagree -- I'd also like to see a 2FA option. But I'll also point out that I get an email from Ford when certain actions are performed such as PaaK authorization/deauthorization and PaaK reset/clearing.

Seems like some options in the vehicle like Master Reset should require the factory door code but I don't recall that being the case? Not that the factory door code is always handled securely since dealers could take photos of it in the sun visor on new vehicles and post these on web sites, but still...
 
OP
Jimrpa
First, I am not any type of security professional (nor did I stay at a Holiday Inn last night), but I do deal with very smart security professionals as part of my job, and I absorb bits and pieces through “sleep learning” while they ramble on. My point is that, the more I think about it, the more problematic the entire security scheme of the vehicle and FordPass seems to be. Perhaps the best way to handle it would be a chain of custody, starting with the dealership, to initiate 2FA with Ford??
 


PaaK_Android
@Jimrpa just to make sure I understand what you are saying. You are suggesting that the security hole is in the lack of an owner account or owner ID for a vehicle? Not questioning your suggestion, just want to clarify before I potentially provide an unrelated answer.
 

scoopman
It's not a security hole. Cars have been around for a very very long time, and it's kinda accepted in our world that "what you have" -- aka Key FOB -- denotes someone who is authorized to control everything about the car physically.

This is why dealers are the ones who give you your FOBs, and they are the only ones who are supposed to be able to program a new one for your vehicle.

Now if you'd like to treat the car differently and have higher levels of security, sure, you can do 2FA with some other physical second factor or passcode (or "what you know") but I would sorta contend that this is outsized friction compared with the threats you're trying to guard against for the general consumer who doesn't have identity security background.

People understand "giving someone your keys" and the implications this has. The car does have a valet mode and code (but these are tough for a typical customer to understand) and it also, as others pointed out, sends an email informing you if anything digitally is created.

I'm just trying to understand why you think the Mach-E is different than another vehicle in terms of making sure your FOBs are secure, and understanding that giving someone your FOB means they have authorization to use your car.
 
OP
Jimrpa
@Jimrpa just to make sure I understand what you are saying. You are suggesting that the security hole is in the lack of an owner account or owner ID for a vehicle? Not questioning your suggestion, just want to clarify before I potentially provide an unrelated answer.
Hi, and thanks for asking me to clarify. Here's my scenario. I'm a nefarious valet. I create an account on ford.com. You, a kindly, honest Mustang Mach E owner show up at Val's Vegan Valley Inn for dinner and toss me your fob. I park your car, grab your VIN off the VIN tag on the dash, and enter it into my Ford account, thus making the car "mine". I then download FordPass and sign into it. FordPass of course, shows "my" Mustang Mach E. I then take my phone and your fob to your Mustang Mach E, generate a key, and voila, I have a key for the car and you're none the wiser.
Yes, you could argue that this weakness has always existed with physical keys (which is why car companies began chipping keys), but there was no reason to leave this door open when the new PAAK system was architected ;) But hey, what do I know - I'm just a dumb program manager; they don't let me near any fun stuff because I'll break it:D:D:D
 

PaaK_Android
Hi, and thanks for asking me to clarify. Here's my scenario. I'm a nefarious valet. I create an account on ford.com. You, a kindly, honest Mustang Mach E owner show up at Val's Vegan Valley Inn for dinner and toss me your fob. I park your car, grab your VIN off the VIN tag on the dash, and enter it into my Ford account, thus making the car "mine". I then download FordPass and sign into it. FordPass of course, shows "my" Mustang Mach E. I then take my phone and your fob to your Mustang Mach E, generate a key, and voila, I have a key for the car and you're none the wiser.
Yes, you could argue that this weakness has always existed with physical keys (which is why car companies began chipping keys), but there was no reason to leave this door open when the new PAAK system was architected ;) But hey, what do I know - I'm just a dumb program manager; they don't let me near any fun stuff because I'll break it:D:D:D
There is a notification to all users when a new key is set up. Is this situation assuming that there are no previous accounts for the vehicle?
 
OP
Jimrpa
There is a notification to all users when a new key is set up. Is this situation assuming that there are no previous accounts for the vehicle?
In the situation I envision, there is an authorized PAAK user already - the owner (you in my little example).
It so happens that I have an opportunity to try an experiment today. My friend who I am letting use my car, just bought a new phone last night. We will have to deauthorize his old phone, then add his new phone. While not identical to the scenario I received, it’s close. Let me see what happens.
I’ll note that, unless the message allows me to deny, it’s probably not very helpful.
 

PaaK_Android
In the situation I envision, there is an authorized PAAK user already - the owner (you in my little example).
It so happens that I have an opportunity to try an experiment today. My friend who I am letting use my car, just bought a new phone last night. We will have to deauthorize his old phone, then add his new phone. While not identical to the scenario I received, it’s close. Let me see what happens.
I’ll note that, unless the message allows me to deny, it’s probably not very helpful.
No deny option. But it will send you a notification from the app. And perhaps an email as well.
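
The difference between the notify-only enrollment discussed in this thread and an owner-approved flow with time-limited guest keys, as an added sketch that is not part of any post and not Ford's implementation. `Vehicle`, `request_key`, `decide` and `revoke` are hypothetical names, and the model assumes the owner identity is established out of band (for example at the dealership, as suggested earlier in the thread).

```python
# Added illustration: a toy model, NOT Ford's backend. All names are hypothetical.
from dataclasses import dataclass, field

@dataclass
class Key:
    holder: str
    expires_at: float = float("inf")   # guest keys get a finite expiry
    active: bool = True

@dataclass
class Vehicle:
    owner: str = ""                    # "" models a server with no owner concept
    keys: dict = field(default_factory=dict)
    pending: dict = field(default_factory=dict)
    notices: list = field(default_factory=list)

    def request_key(self, holder, has_fob, now, ttl=float("inf")):
        """Phone-key enrollment; fob possession is required in both models."""
        if not has_fob:
            return "rejected"
        key = Key(holder, now + ttl)
        if not self.owner or holder == self.owner:
            # Notify-only: the key works at once, existing users are just told.
            self.notices += [(u, f"new key: {holder}") for u in self.keys if u != holder]
            self.keys[holder] = key
            return "active"
        self.pending[holder] = key     # inert until the owner decides
        self.notices.append((self.owner, f"approve key for {holder}?"))
        return "pending"

    def decide(self, actor, holder, approve):
        """Owner-only approve/deny: the 'deny option' asked about above."""
        if actor != self.owner or holder not in self.pending:
            raise PermissionError("only the owner can decide pending keys")
        key = self.pending.pop(holder)
        if approve:
            self.keys[holder] = key
        return approve

    def revoke(self, actor, holder):
        if actor != self.owner:
            raise PermissionError("only the owner can revoke keys")
        self.keys[holder].active = False

    def can_unlock(self, holder, now):
        key = self.keys.get(holder)
        return bool(key and key.active and now < key.expires_at)
```

With `owner` left empty the model reproduces the behaviour described in the thread: every fob holder's key is active immediately and nobody can revoke it.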
 
OP
Jimrpa
No deny option. But it will send you a notification from the app. And perhaps an email as well.
Ok, cool. I’ll let you know what I find out when I add my friend’s new phone. By the way, I really appreciate your engagement and interest here! It’s very much appreciated (even though I am an Apple fanboy)
 

PaaK_Android
Ok, cool. I’ll let you know what I find out when I add my friend’s new phone. By the way, I really appreciate your engagement and interest here! It’s very much appreciated (even though I am an Apple fanboy)
Happy to help where I can. And that explains everything. Good luck with your testing!
 

Chuck

Well-Known Member
First Name
Chuck
Joined
May 13, 2021
Threads
96
Messages
1,258
Reaction score
1,775
Location
SoCal
Vehicles
Mustang Mach E 2021
Country flag
This is why dealers are the ones who give you your FOBs, and they are the only ones who are supposed to be able to program a new one for your vehicle.
Yet I was able to easily program a third FOB myself using the area within the center console.
 

benk016

Well-Known Member
First Name
Ben
Joined
Nov 12, 2020
Threads
38
Messages
3,265
Reaction score
5,093
Location
Tulsa, Oklahoma
Vehicles
2021 Mustang Mach-E GT
Country flag
Yet I was able to easily program a third FOB myself using the area within the center console.
This can only be done if you have two key fobs. So someone would have to have access to both of your fobs, if you have two, to be able to set up a 3rd.