One of the best-selling Ford vehicles in Europe has an alleged security flaw that could expose personal data and put the safety of drivers at risk. The study was conducted by Which? and found that some computer systems behind the connected tech features of the Ford Focus Titanium automatic 1.0-liter gasoline-powered car were vulnerable to attacks. Which? says the investigation confirmed fears it had that there is no meaningful regulation for on-board technology in the automotive industry.
The investigation was conducted in partnership with Context Information Security. During the investigation, the team was able to leverage basic equipment to intercept messages sent by the tire pressure monitoring system on the Ford Focus. According to the researchers, an attacker could trick the system into displaying that a flat tire was fully inflated and vice versa.
Testing also showed they were able to get information from the Ford code, such as Wi-Fi details and a password that appeared to be for a computer system on the Ford production line. Another concern that stems from the investigation is how much data the cars generate about owners. Investigators said the Ford Pass app means the location and travel direction of the vehicle are allowed to be shared at any time.
That app can also share information from the car’s sensors, such as warning lights, fluid levels, and fuel consumption. Ford is also tracking driving characteristics like speed, acceleration, braking, and steering. That information can be shared with insurance agencies under several Ford programs, including Ford Insure. Which? says that Ford declined to receive a copy of the technical report that it had prepared showing a “worrying disregard” for possible issues. Which? says that is a concern for both risk of financial information and to human life with the vulnerabilities that it is found in the vehicle software.