What's to prevent stealing a Mach-E with FORDPASS + car's VIN?

Paulalex01

I'm not sure this is the proper forum topic but, here it goes. I just test drove the FCTP MACH-E Premier at my dealer's. I was able to pair my iPhone to the car. The dealer had given me the VIN in advance.

Question for forum and any FORD engineers on forum. What is to prevent anyone with a smartphone from downloading FORDPASS, entering the car's VIN, pairing, and driving off? Now, I did have to be in the car and interact with the screen. But, I looked in the manual and could find no lock-out means in the text or on the display to prevent pairing of unwanted smartphones. Just asking. Loved the car BTW. Mine is supposed to be here next week. Word of advice, NEVER leave your Mach-E unlocked!





TheVirtualTim

> What is to prevent anyone with a smartphone from downloading FORDPASS, entering the car's VIN, pairing, and driving off?

A couple of things:

Once a car has been 'Activated' via Ford Pass and accepted in the car, that same car can't be independently activated again.

I found this out (almost accidentally but I did do a little research). I had activated the car with my phone. I logged into my Ford Pass account and did the initial 'Activate' and then accepted it on the car.

Later, my spouse logged into his Ford Pass account (different email address) to 'Activate' the car the same way I did.

Instead of working (he was sitting inside the car when he did it and we were expecting the message to pop up on the car screen) he got an error message that the car was already activated and that if he wants to add his phone it will send a request to me (since my phone originally activated the car).

I 'Accepted' his request and his phone started working.

But wait ... there's more!

A person can only attempt to activate another phone FOUR times. If you decline an activation request four times... that account is locked out and it can never request an activation again. I presume this is to prevent people from wandering through parking lots sending activation requests to owners. They sort of have to allow people a few tries just in case someone accidentally screws up.
 

rockatansky

When I went to add my wife's Escape to my Ford Pass app, after she had added it to hers, I had to wait for her to approve my adding it. I would imagine that if someone added it, after the owner, something similar would happen. Without the owner's approval, pairing would fail.
 
Paulalex01

> A couple of things:
>
> Once a car has been 'Activated' via Ford Pass and accepted in the car, that same car can't be independently activated again.
>
> I found this out (almost accidentally but I did do a little research). I had activated the car with my phone. I logged into my Ford Pass account and did the initial 'Activate' and then accepted it on the car.
>
> Later, my spouse logged into his Ford Pass account (different email address) to 'Activate' the car the same way I did.
>
> Instead of working (he was sitting inside the car when he did it and we were expecting the message to pop up on the car screen) he got an error message that the car was already activated and that if he wants to add his phone it will send a request to me (since my phone originally activated the car).
>
> I 'Accepted' his request and his phone started working.
>
> But wait ... there's more!
>
> A person can only attempt to activate another phone FOUR times. If you decline an activation request four times... that account is locked out and it can never request an activation again. I presume this is to prevent people from wandering through parking lots sending activation requests to owners. They sort of have to allow people a few tries just in case someone accidentally screws up.

This is good to know. The manual is pretty vague. Thank You. I'll email the dealer because they had no idea. And, tell them they need to deactivate my phone from the car.
 

Plutoman15

Can you activate 2 phones using the same login for FordPass?

If the answer is yes, what keeps someone from hacking your Ford account and using their phone to steal the car?
 

Plutoman15

> I guess I'm missing something. Why is this not sufficient?

I think after you have it activated it can not be stolen.

But what keeps someone at a dealer from using the VIN, bust the window and push the button on the screen? Alarm system detect broken window maybe? What if they jimmy the door and push the activate screen?
 

RyZt

> I think after you have it activated it can not be stolen.
>
> But what keeps someone at a dealer from using the VIN, bust the window and push the button on the screen? Alarm system detect broken window maybe? What if they jimmy the door and push the activate screen?

I suppose the button doesn't show up unless the car is "on" (started probably). If you break the window without unlocking the car, I expect that the display won't even turn on, let alone showing a button.

If you somehow gained physical entry and turned on the car, all bets are off at that point. You don't need Ford Pass.
 

Maquis

Bottom line is that the car has to be started before it can be paired to FordPass. If the thief already has the car started, he doesn't need the app!
 

zhackwyatt

> I think after you have it activated it can not be stolen.
>
> But what keeps someone at a dealer from using the VIN, bust the window and push the button on the screen? Alarm system detect broken window maybe? What if they jimmy the door and push the activate screen?

Well I assume, once someone is in the car unauthorized, all bets are off.
 

macchiaz-o

> Well I assume, once someone is in the car unauthorized, all bets are off.

If you loan the car to a mechanic or valet, you wouldn't want them to authorize themselves as a full time driver, since they can find the car days later and attempt to steal it or its contents. They just need temporary permission (i.e., by you handing them the key fob, or providing them with valet mode codes).

If a bad actor attempted to perform a master reset of the car while they are in temporary control, you'll receive notification via your own phone app and email that your access has been revoked. This way you can start to take whatever action you need to do, immediately.

Anyway, I don't have my car yet but I think this is how it works.
 

zhackwyatt

> If you loan the car to a mechanic or valet, you wouldn't want them to authorize themselves as a full time driver, since they can find the car days later and attempt to steal it or its contents. They just need temporary permission (i.e., by you handing them the key fob, or providing them with valet mode codes).
>
> If a bad actor attempted to perform a master reset of the car while they are in temporary control, you'll receive notification via your own phone app and email that your access has been revoked. This way you can start to take whatever action you need to do, immediately.
>
> Anyway, I don't have my car yet but I think this is how it works.

That makes sense. I guess I'm just thinking it's no worse than a traditional car w/ a key. You give the keys to valet, who could make copies if they want, etc.
 

macchiaz-o

> That makes sense. I guess I'm just thinking it's no worse than a traditional car w/ a key. You give the keys to valet, who could make copies if they want, etc.

If it was designed and implemented properly, the "digital" key is going to be more secure than the old physical key/cylinders that we used to have.

Modern cars have anti-theft stuff built into keys, too. Like rolling codes on garage door openers, but hopefully more sophisticated than that. I don't know any details on how it really works.

I think Mach-E's implementation through FordPass is supposed to prevent remote unlocks and starts if the app user is too far away from the car, like more than 150 meters or something like that. I wonder if any owners have tested this yet? This is another good security barrier (although not too hard to defeat), I think intended to prevent someone in another country or whatever from remotely tampering with the car.
 

TheVirtualTim

> I think after you have it activated it can not be stolen.
>
> But what keeps someone at a dealer from using the VIN, bust the window and push the button on the screen? Alarm system detect broken window maybe? What if they jimmy the door and push the activate screen?

There are two different things here.

1. You can link a Ford Pass app to the car. That opens up features such as start/lock/unlock ... but while you can remote start a car with just the app (no key required), you cannot actually drive the car without a key.

This means you could unlock it and open the doors. You could even remote start it so the cabin starts warming up (or cooling down if summertime). But you can't actually drive the car.

2. To create a Phone-as-a-Key (so you could actually drive it) requires the factory key-fob. You can't use another PaaK to create a new PaaK.
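
Added example, not part of the original thread and not Ford's code: a toy Python model of the enrolment rules as the posters above describe them (in-car acceptance for the first activation, owner approval for later requests, lockout after four declines, factory fob required to create a Phone-as-a-Key). All class, function and account names are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

MAX_DECLINES = 4  # per the thread: four declined requests lock the account out

@dataclass
class Vehicle:
    vin: str                          # constructed placeholder, not a real VIN
    started: bool = False             # pairing prompt assumed to need the car on
    primary: Optional[str] = None     # account that first activated the car
    linked: set = field(default_factory=set)    # app access: lock/unlock/remote start
    paak: set = field(default_factory=set)      # Phone-as-a-Key holders: may drive
    declines: dict = field(default_factory=dict)
    locked_out: set = field(default_factory=set)

def request_activation(car, account, in_car_accept=False, owner_decision=None):
    """Return the outcome of one activation attempt by `account`."""
    if account in car.locked_out:
        return "locked_out"
    if car.primary is None:
        # First activation: needs a started car and acceptance on its screen.
        if not (car.started and in_car_accept):
            return "needs_in_car_accept"
        car.primary = account
        car.linked.add(account)
        return "activated_primary"
    # Already activated: the request is routed to the primary account.
    if owner_decision is None:
        return "pending_owner_approval"
    if owner_decision:
        car.linked.add(account)
        return "linked"
    car.declines[account] = car.declines.get(account, 0) + 1
    if car.declines[account] >= MAX_DECLINES:
        car.locked_out.add(account)
        return "locked_out"
    return "declined"

def create_paak(car, account, factory_fob_present):
    """Phone-as-a-Key enrolment: a linked account plus the factory fob."""
    if account not in car.linked or not factory_fob_present:
        return False
    car.paak.add(account)
    return True

def can_drive(car, account, has_fob=False):
    # An app link alone allows lock/unlock/remote start, not driving.
    return has_fob or account in car.paak
```

In this model the VIN alone never grants anything: every path to `linked` or `paak` passes through the started car's screen, the primary account's approval, or the factory fob.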
 
