Block Big Brother

[UncleBrad]

I had a similar response in the Bronco Sport forum to a perfectly rational and justifiable inquiry into just how secure we, as vehicles owner, truly are with our personal information. People, it's not funny any more. It's not funny to roll out tired old "tin-foil hat" moniker. And it won't do to shrug our shoulders with lame reasoning like "they would've comprised you by now" or "why would they want to compromise you" - both offerings, though mutual opposites, seem to be acceptable tactics to dismiss the threat. And don't forget the "if you have nothing to hide, why be concerned?"

If this weren't an issue, there would be no privacy4cars.com, no related discussions on a congressional floor or insane insurance billing directly tied to driving habits as revealed by vehicle connected services. There would be no concern about vehicle theft using readily-available HackRF or Flipper Zero devices. There would not be related lawsuits and legislation.

Just because your SSN and credit card information is already on the "dark web" doesn't mean it's too late to address these issues. And just because FordPass is only available through Google Play - a known resource for compromised apps - means it's OK by default to download and install it on a potentially compromised iOS or Android device which you in turn plug into your vehicle. Your vehicle likely also has wireless access, a built-in SIM card and GPS. We already know car manufacturers have been caught selling your PRIVATE data (including driving habits, home and work locations, where you eat and even sexual proclivities).

The poster asking why anybody would want to create a virus misses the point: it doesn't have to be a virus. The threat can - for instance - be marketed as a software feature- like facial recognition in order to determine if you're paying attention to the road.

Your Bronco belongs to you, but subscriptions and services do not belong to you. Subscriptions and services operate through connectivity offered to us as conveniences.

Sponsored

 

[indio22]

I'm with Zzbully and have an opinion that the most likely risk in the near-term is malfunctions (even a bricked vehicle) when ford uploads faulty 'updates' in the future.
Some manufacturers are already offering some electronic 'services' as a subscription. Makes me worry that this trend could expand into aggressive marketing where the vehicle owner has to pay-and-pay-and-pay to keep features running that they thought they paid for with the original purchase of the vehicle that they thought they owned.
Don't get me started on software obsolence.
My opinion is that we need a choice to be able to purchase vehicles with NO internet connectivity, designed with features that when non-essential features fail don't cause failure of a more important feature/function.
I'd be happy with Off-road/trucks having zero chips and software.

Ugh, subscription services. Companies realized, why sell a product once or infrequently, when instead they can have an ongoing line into the customer wallet. That's a reason so many product offerings are going the way of services.

Regarding vehicle software updates, I work in IT and have seen where software fixes fix things, and when they don't, including when they introduce a new issue (aka feature).

I use to build PCs as well, and some of these guys having to keep updating to the latest BIOS and having issues or bricking their PCs. They just couldn't help themselves, even if the BIOS changes didn't apply to their usage.

Bottom line - I generally prefer not to make updates, unless I have something that needs fixing via the update. It's not tin foil hat stuff, rather it's my Bronco running fine and doing what I want, while still running software from October 2023. I'll mess with that when there is some good reason for me to mess with it.

I don't know if my Bronco modem is still giving away my location or whatever, but turning off the updates did stop them.

 

[Valhalla]

I had a similar response in the Bronco Sport forum to a perfectly rational and justifiable inquiry into just how secure we, as vehicles owner, truly are with our personal information. People, it's not funny any more. It's not funny to roll out tired old "tin-foil hat" moniker. And it won't do to shrug our shoulders with lame reasoning like "they would've comprised you by now" or "why would they want to compromise you" - both offerings, though mutual opposites, seem to be acceptable tactics to dismiss the threat. And don't forget the "if you have nothing to hide, why be concerned?"

If this weren't an issue, there would be no privacy4cars.com, no related discussions on a congressional floor or insane insurance billing directly tied to driving habits as revealed by vehicle connected services. There would be no concern about vehicle theft using readily-available HackRF or Flipper Zero devices. There would not be related lawsuits and legislation.

Just because your SSN and credit card information is already on the "dark web" doesn't mean it's too late to address these issues. And just because FordPass is only available through Google Play - a known resource for compromised apps - means it's OK by default to download and install it on a potentially compromised iOS or Android device which you in turn plug into your vehicle. Your vehicle likely also has wireless access, a built-in SIM card and GPS. We already know car manufacturers have been caught selling your PRIVATE data (including driving habits, home and work locations, where you eat and even sexual proclivities).

The poster asking why anybody would want to create a virus misses the point: it doesn't have to be a virus. The threat can - for instance - be marketed as a software feature- like facial recognition in order to determine if you're paying attention to the road.

Your Bronco belongs to you, but subscriptions and services do not belong to you. Subscriptions and services operate through connectivity offered to us as conveniences.

It's a product, don't want it don't buy it.

 

[UncleBrad]

>> It's a product, don't want it don't buy it.

Oh, THAT'S original.

But I want the product. And as the product owner, why not try to correct the problem? Why can't I turn off the problem so I can use the product for the reasons I actually purchased it? After all, the problem is not the product itself, but what the product is doing outside its core design and purpose.

That's like rolling out the tired old "if you don't like what you're watching on the TV, turn it off." If that's all you do, you and your family eventually will have nothing left to enjoy.

That is, unless you and your family have "something to hide"...

 

[Valhalla]

>> It's a product, don't want it don't buy it.

Oh, THAT'S original.

But I want the product. And as the product owner, why not try to correct the problem? Why can't I turn off the problem so I can use the product for the reasons I actually purchased it? After all, the problem is not the product itself, but what the product is doing outside its core design and purpose.

That's like rolling out the tired old "if you don't like what you're watching on the TV, turn it off." If that's all you do, you and your family eventually will have nothing left to enjoy.

That is, unless you and your family have "something to hide"...

So un plug the modem man. I work in the industry. The only way to get manufactures not to include something the government and insurance companies want is to not purchase it. This is not a bronco thing this is across all bra ds all models. I'd say the insurance lobby is driving this to save ol' mighty dollar. You seemed mad. I'm not trying to make you but rather discuss the issue.

 

[UncleBrad]

OK, so I should buy another product. How about GM? No, they've been caught selling data related to driving habits to insurance companies. And they even have the audacity to sell "cyber-security insurance."

How about Toyota? Nope. A Corolla GR recently caught fire within warranty as the owner stood helplessly nearby. Toyota tried to weasel out of the warranty because vehicle data (which the user wasn't aware existed) revealed that the owner had previously driven the vehicle above (an arbitrary) 85MPH. Mind you, this is a high performance car designed to be driven on the track - which the owner had been doing at the time.

How about Subaru? No: their default EULA clearly states that occupants consent to collection and sale of their potentially private information.

How about data breaches? This has already happened with several manufacturers - not just Ford and Chevy. Tesla, Toyota, Volkswagen and Fiat Chrysler have been hit, mostly server-side.

And good luck with that Hyundai keyless entry system. Anybody with an IQ above room temperature can break into their vehicles.

You bet I'm "mad". I'm concerned the numerous issues that the FBI and several consumer advocate organizations have clearly detailed.

I'm just a lowly software engineer, and I don't work in the "industry" as you do. But if you do work in the industry, you've got a lot of work ahead of you.

 

[Valhalla]

No I don't, people buy them.

 

[dpAtlanta]

There's probably still a black box recorder type of thing if your airbags deploy. Unplugging the modem didn't disable any features that I use. If you have passengers their smart phones are probably giving up a lot of info but probably not directly to ford.

The "Black Box" (aka Event Data Recorder - EDR) does store anything except for vehicle parameters 5 seconds prior to a deployment event or a non-deployment event. The EDR's have no idea where the vehicle is, what time or date it is, and can't capture smart phones or record cabin voices.

Sponsored