Hackers figured out the vulnerabilities of key fobs years ago, which inspired a recent Ford patent filing outlining ways to prevent attacks from that front. However, now it seems as if enterprising thieves have figured out a way to hack the Ford Phone As A Key system according to Reuters, a feature that’s currently offered on a host of Blue Oval products including the Lincoln Nautilus, its big brother, the Lincoln Aviator, and the Ford Mustang Mach-E, which also comes with an addition key fob for 2022.
The Ford Phone As A Key system – along with similar technology, such as what’s used on Tesla vehicles – is susceptible to hackers, which can remotely gain access to those systems via Bluetooth. A researcher from the cybersecurity firm NCC Group demonstrated this weakness by using a laptop equipped with a small relay device to unlock and actually drive away in a 2021 Tesla Model Y, but noted that this vulnerability applies to any vehicle or smart lock using Bluetooth Low Energy (BLE) technology.
“This proves that any product relying on a trusted BLE connection is vulnerable to attacks even from the other side of the world,” the company said. “In effect, systems that people rely on to guard their cars, homes, and private data are using Bluetooth proximity authentication mechanisms that can be easily broken with cheap off-the-shelf hardware. This research illustrates the danger of using technologies for reasons other than their intended purpose, especially when security issues are involved.”
It’s worth noting that future vehicle entry systems may not use this type of technology at all, as Ford has recently filed patents for a window-based keyless entry system, as well as a vehicular fascial recognition system. Then there’s the Ford SecuriCode keypad, which is a feature present on many Blue Oval vehicles that isn’t quite as common on other brands, though it could help prevent these types of theft altogether.