One of the best-selling Ford vehicles in Europe has an alleged security flaw that could expose personal data and put the safety of drivers at risk. The study was conducted by Which? and found that some computer systems behind the connected tech features of the Ford Focus Titanium automatic 1.0-liter gasoline-powered car were vulnerable to attacks. Which? says the investigation confirmed fears it had that there is no meaningful regulation for on-board technology in the automotive industry.
The investigation was conducted in partnership with Context Information Security. During the investigation, the team was able to leverage basic equipment to intercept messages sent by the tire pressure monitoring system on the Ford Focus. According to the researchers, an attacker could trick the system into displaying that a flat tire was fully inflated and vice versa.
Testing also showed they were able to get information from the Ford code, such as Wi-Fi details and a password that appeared to be for a computer system on the Ford production line. Another concern that stems from the investigation is how much data the cars generate about owners. Investigators said the Ford Pass app means the location and travel direction of the vehicle are allowed to be shared at any time.
That app can also share information from the car’s sensors, such as warning lights, fluid levels, and fuel consumption. Ford is also tracking driving characteristics like speed, acceleration, braking, and steering. That information can be shared with insurance agencies under several Ford programs, including Ford Insure. Which? says that Ford declined to receive a copy of the technical report that it had prepared showing a “worrying disregard” for possible issues. Which? says that is a concern for both risk of financial information and to human life with the vulnerabilities that it is found in the vehicle software.
Subscribe to Ford Authority for around-the-clock Ford news coverage.
Source: Which?
Comments
“According to the researchers, an attacker could trick the system into displaying that a flat tire was fully inflated and vice versa.” The TPMS only operates while the vehicle is powered on, so the attacker has to be driving very close to the vehicle to do such an attack. The driver can ignore the “attack” and drive on to a safe area or station and get the tire pressures checked. It may be a bother but it will not be as bad as this article claims. I recommend going “old school”, carrying a portable pressure gage, and sensing if the ride changes due to a genuine loss of pressure that we can detect before TPMS existed. The TPMS is just a additional warning system. You can drive without it.
welcome to ford-the company with absolutely no customer support-if you don’t believe me, call their number and ask them a question and if they can,t or do not answer you question ask for a supervisor and see what happens!!!!!!!!!!!!!!!!!!!!!