Ford Focus RS Forum banner

1 - 20 of 21 Posts

·
Registered
Joined
·
520 Posts
I hope not! I hate all that smartphone integration and internet crap. That's how cars get hacked and these systems glitch all the time.
 

·
Premium Member
Joined
·
3,264 Posts

·
Registered
Joined
·
1,551 Posts
I hope not! I hate all that smartphone integration and internet crap. That's how cars get hacked and these systems glitch all the time.
I work as a software developer with automotive networks. The only system that has truly been hacked, to my knowledge has been Chrysler's uConnect. Up until then every other "hacker" (including a former co-worker who made it to ABC news, ugh..) had physical access to the car. My point being that this is really uncommon. I'm not specifically speaking about you, but generally the people who are paranoid about their car being hacked should be more paranoid about their general use of the internet. People that use the same password for every account, use common passwords found in downloadable lists, expose their login credentials through public wifi, etc. etc.
 

·
Registered
Joined
·
520 Posts
I work as a software developer with automotive networks. The only system that has truly been hacked, to my knowledge has been Chrysler's uConnect. Up until then every other "hacker" (including a former co-worker who made it to ABC news, ugh..) had physical access to the car. My point being that this is really uncommon. I'm not specifically speaking about you, but generally the people who are paranoid about their car being hacked should be more paranoid about their general use of the internet. People that use the same password for every account, use common passwords found in downloadable lists, expose their login credentials through public wifi, etc. etc.
Well I'm always careful with the internet in general. I just view "connected cars" as unnecessary and really just another means to get hacked and to further track us, make us lazier and invade our privacy. I'm old fashioned so no car of mine will ever be "connected". I'm fully prepared to eventually buy only used cars with the way things are going in that regard.
 

·
Registered
Joined
·
1,180 Posts
What I want is windows up / down including moonroof so that if my car is sitting in the driveway and a rainstorm pops up I can quickly close them from my phone.
 

·
Registered
Joined
·
1,551 Posts
What I want is windows up / down including moonroof so that if my car is sitting in the driveway and a rainstorm pops up I can quickly close them from my phone.
The sunroof in the ST doesn't seem to be connected to the BCM. Sadly, I don't think this is possible.
 

·
Premium Member
Joined
·
3,264 Posts
I work as a software developer with automotive networks. The only system that has truly been hacked, to my knowledge has been Chrysler's uConnect. Up until then every other "hacker" (including a former co-worker who made it to ABC news, ugh..) had physical access to the car. My point being that this is really uncommon. I'm not specifically speaking about you, but generally the people who are paranoid about their car being hacked should be more paranoid about their general use of the internet. People that use the same password for every account, use common passwords found in downloadable lists, expose their login credentials through public wifi, etc. etc.
I still have a strong suspicion that the GM issues with people unlocking and stealing contents was related to their OnStar system. I really think that the thieves used a portable "cell tower" on the right frequencies with a fake OnStar server that after the car connected and sent info on its new IP to the fake server the fake server followed that with an unlock command. Watching the videos some of those thieves didn't seem to know the car was going to unlock until the lights flashed, then they did an about face and in the car fast. I'm sure the right model cell phone compatible with the carrier that supports OnStar could be modified for this purpose.
 

·
Registered
Joined
·
418 Posts
I have a BS in security engineering, so I find this sort of thing extremely interesting.

I would assume that, with your app, you would need to login with an account to access a Ford system that reaches your car. In order for someone to access your vehicle remotely, all they would need is your account info. Direct phishing for this kind of info is not a good idea, as its a new thing and would yield extremely poor results not worth the effort. Therefore, if someone were really interested in hacking your car with this technology, they would need to steal user account credentials from Ford directly. And then, once they have the account, how do you know what/where the car is that is linked to that account? Would you even care? Or would you just steal a ton of accounts and hack all the cars to prove a point or cause accidents to occur (if that capability is possible)? And what are the limitations of the system as to what it can do (unlock the car, start the engine) by default? And what could it possibly do with some 1337 hacking skillz?

I think the point I'm trying to make is, it's nothing to worry about until it becomes extremely prevalent. The work required by a person/group in order to cause problems for a specific person is extremely high. With that said, you could potentially see some hacker group remotely control many cars ALL AT ONCE to prove a point or make a statement, but again, you wouldn't see that until some point in the future.
 

·
Registered
Joined
·
1,551 Posts
Funny that it works in Europe but not in the States.
To my knowledge global open/close only works on the windows. There are guys in the states that have flashed the BCM software through this Russian application called Focccus or something like that. You will notice on the ST (and I assume the RS) that as soon as you key off the sunroof is disabled. This is unlike the windows that work until you open the door. This is because the BCM can control the windows through CAN messages. This I know because I have successfully simulated those CAN frames using our software to control the windows. However, there is no CAN message that I can identify which corresponds to the sunroof. This and the behavior previously mentioned lead me to believe that the sunroof is just on switched power (KL15) and is not networked through CAN or LIN to the BCM.
 

·
Registered
Joined
·
1,551 Posts
I have a BS in security engineering, so I find this sort of thing extremely interesting.

I would assume that, with your app, you would need to login with an account to access a Ford system that reaches your car. In order for someone to access your vehicle remotely, all they would need is your account info. Direct phishing for this kind of info is not a good idea, as its a new thing and would yield extremely poor results not worth the effort. Therefore, if someone were really interested in hacking your car with this technology, they would need to steal user account credentials from Ford directly. And then, once they have the account, how do you know what/where the car is that is linked to that account? Would you even care? Or would you just steal a ton of accounts and hack all the cars to prove a point or cause accidents to occur (if that capability is possible)? And what are the limitations of the system as to what it can do (unlock the car, start the engine) by default? And what could it possibly do with some 1337 hacking skillz?
If I were to implement this system I think the best route would be a pairing system similar to Bluetooth where the car is the server, and the mobile app is the client. Assuming a sufficient encryption and server software that doesn't have blatant security holes *cough*uConnect*cough* it should be pretty secure.

Running a simple scan using the open-source Nmap port mapping tool, the researchers found that port 6667 was open. Port 6667 on a normal server is used for Internet Relay Chat (IRC), but on a Jeep, it's used for something called D-Bus, an interprocess communications mechanism. "D-bus can require authentication, but the Jeep implementation did not," Miller said.
Miller then used a program called Dfeet to look at services connected to D-bus and discovered that D-bus was running as root, meaning it has full access rights to connected systems. So with just four lines of Python code, a command could potentially be executed on the vehicle to perform operations.
Miller and Valasek had to do additional work to enable the controller area network (CAN) message bus on the vehicle, which is connected to steering, brakes and other activities, to receive and properly execute his D-bus messages.
But I'm no expert, just a generic CS major.
 

·
Registered
Joined
·
1,180 Posts
To my knowledge global open/close only works on the windows. There are guys in the states that have flashed the BCM software through this Russian application called Focccus or something like that. You will notice on the ST (and I assume the RS) that as soon as you key off the sunroof is disabled. This is unlike the windows that work until you open the door. This is because the BCM can control the windows through CAN messages. This I know because I have successfully simulated those CAN frames using our software to control the windows. However, there is no CAN message that I can identify which corresponds to the sunroof. This and the behavior previously mentioned lead me to believe that the sunroof is just on switched power (KL15) and is not networked through CAN or LIN to the BCM.
Yup, I've had the mod done to mine but i watched a video out of Europe that clearly shows the windows and moonroof closing in response to holding the lock button.

http://owner.ford.com/how-tos/vehicle-features/driver-controls/global-open-windows.html
 

·
Registered
Joined
·
1,551 Posts
Yup, I've had the mod done to mine but i watched a video out of Europe that clearly shows the windows and moonroof closing in response to holding the lock button.
I haven't seen such a video, but I'll take your word for it. If that's the case then hopefully since the RS is being made in Germany we will get the German sunroof :)
 

·
Registered
Joined
·
2,291 Posts
The keyless push button start fusions can do the remote window open/close and moonroof venting I believe. It's buried in the manual somewhere and not something they even mention as a selling point which they really should. Even my old '12 Fusion could do it, but you had to have the service department disable accessory delay when you turn the vehicle off for some reason.
 

·
Registered
Joined
·
76 Posts
I hope the RS doesnt have it. It would really suck to start the car, and have it in 1st/2nd gear and it runs into your garage door, or your neighbor's Tesla. :rolleyes:
 
1 - 20 of 21 Posts
About this Discussion
20 Replies
11 Participants
Hoonigan
Ford Focus RS Forum
FocusRS.org is the largest forum community to discuss the 2016+ Focus RS. Join to talk about performance, specs, reviews and more!
Full Forum Listing
Top