Could Your Ford Be Remotely Hacked?
Big news last week came in the way of a Wired article that shows a Jeep Cherokee that was remotely hacked. The hackers claim, by using the Sprint cellular network that FCA uses for their telematics, that they could remotely gain access to the infotainment system and load new firmware that allowed them to take over the entire car’s computer network. That included remotely controlling the brakes, steering, and transmission. How possible is something like that for a modern Ford vehicle?
FCA fixed the exploit by issuing a software update for vehicles that customers already own, fixing the hole on vehicles in production, and working with Sprint to plug the hole on their end that allowed for remote access in the first place.
On vehicles equipped with MyFord Touch that aren’t plug-in or fully-electric vehicles, the system has no outside connection to the Internet. Unless you plug in a USB 4G dongle to convert the vehicle into a wireless hotspot, there’s no active connection inside the vehicle.
Assuming a hacker could use the wireless hotspot to gain control of the infotainment, your risk would be extremely low. It’d have to occur when the vehicle is running, with the dongle plugged in. They then would have to break the security on your wireless dongle, penetrate the MyFord Touch system, and hope that there’s a way to bridge that data connection to the bus of the rest of the vehicle. The odds of that occurring are astronomically low. Maybe it’s provable in a lab, but would never be effective in the wild.
For the plug-in Ford vehicles, Ford offers a mobile app that allows owners to find their vehicles, lock and unlock them, and start them. That data connection is fundamentally the same setup as FCA has, and could potentially be subject to a similar exploit. Ford uses AT&T for their data connection. Unless AT&T better protects their system than Sprint did, that could be an entry point for the vehicle.
If a plug-in Ford were to be hacked, the resulting damage wouldn’t be as big as the FCA breach. Far fewer plug-in vehicles are sold. That doesn’t mean that it wouldn’t be scary to the person owning the plug-in hybrid, but not as many cars would be hacked.
With SYNC 3, Ford introduces over-the-air updating of their system through a WiFi connection to your home router. Over-the-air updates are a great way to stay up to date, and using a WiFi connection at home is inherently more safe.
Your router has an active firewall on it. That should help keep out some of the baddies. Also, since it’s only checking for updates when the car is at home and connected to WiFi, it doesn’t mean that the car is always connected to the Internet and subject to remote hacking. If someone were able to gain access to your SYNC 3 Ford, it’s most likely going to be in the garage and you aren’t going to be in it. Once you drive away, you lose the Internet connection.
They only remaining question are mobile apps on your smartphone. If your smartphone had a virus, could that potentially break into your Ford and allow a hacker to gain control? It would depend on Ford’s mobile app interface. If the mobile app interface is locked down, then there shouldn’t be an issue. However, until hackers beat on that connection we won’t know for sure.
What you can be sure of is that the risk is lower on Ford vehicles than other brands because, unless you have a plug-in vehicle, your vehicle isn’t always connected to the Internet. That alone significantly reduces the risk of a remote hack.
The other hacks up until this point have required physical access to the vehicle. If someone wanted to do you harm and have physical access to your Ford, they do easily do it without having to hack your vehicle at all.
What do you think? Are you worried about car and truck hacking, or are you not concerned? Let us know in the forums!