Some pretty interesting hacks are happening in the car hacking community, so I wanted to share these as a roundup this week. First off, let’s talk rental cars. 

Masamba Sinclair rented a Ford Mustang from Enterprise Rent-A-Car and used the FordPass app installed on his phone to control the vehicle. He could start and stop the engine, lock and unlock the doors, and track the car’s location while he was renting it. Sinclair discovered that after he returned the vehicle, he still had access to it through the application. He found that even four days after returning the car, he still had control of it. Enterprise finally removed Sinclair’s access after Ars Technica reached out to the rental car company about the issue, and this still took them three hours after being informed.

A similar problem occurred in October of last year, at which time Ford and Enterprise both said they unpair the apps after vehicles are sold or rented to new customers, but this isn’t necessarily true. Enterprise simply includes a line in the rental agreement saying that customers should unpair their personal devices from a rental upon return, but that doesn’t always happen if a customer is in a rush to get to their flight. Ford puts the onus on the driver or the rental agency, saying they have visual ways to show if an app is still paired to a car, and that they remind dealerships to unpair cars before they are resold.

Unfortunately, unpairing devices from cars is not just an issue for Enterprise or Ford. As an example, I rented a car last week and two phones were still paired with that car after it was in my possession. I could see a call log, phone numbers, and names for the paired phones that had been used over Bluetooth. While the devices were no longer in the vicinity and couldn’t be connected, the history was still listed on the vehicle’s screen. So Maria and Peter, I unpaired your phones for your security - you’re welcome.

In other news, used Teslas are being jailbroken so buyers can use all of the software applications. Tesla has been fighting for years against this kind of jailbreaking and hacking with no end in sight. According to reports, a person bought a used Tesla from a dealer who had bought it directly from Tesla. It was advertised as including Driver Assistance Systems and Autopilot, which were included with the car when the dealer bought it. This package usually costs $8k. Tesla had remotely removed the software, saying that “Full Self Driving was not a feature you had paid for”. According to Tesla, the customer would now have to pay $8k to get it back.

Tesla pulls software on salvage vehicles, and an anonymous employee reported that he could push the software back to a car if a customer complained enough about it. Since the car receives certain features through software updates, those updates can also be pulled. Tesla did this when an upgrade package was included on a used car that was sold to a new owner because, according to them, the new owner didn’t pay for it. Many equate this to stealing, since in effect it’s similar to someone coming into your garage and taking a muffler or new tires off your car.

Teslas are often declared total losses if they’re involved in accidents because the costs to repair are so high. If a vehicle is considered salvage, Tesla stops supporting the vehicle, even if it passes an inspection by their own staff. Thanks to independent repair professionals, jailbreaking of Tesla software and restoration of features is becoming more common, though jailbreaking does void any warranty. But warranties are already voided if the vehicle has a salvage title. These jailbreakers are trying to promote sustainable, green energy by helping secondary owners get the software they expect and not contributing more cars to a dump.

Car Hacking:

https://owner.ford.com/fordpass.html

https://arstechnica.com/information-technology/2020/02/rental-car-agency-continues-to-give-remote-control-long-after-cars-are-returned/

https://krebsonsecurity.com/2020/02/when-your-used-car-is-a-little-too-mobile/

https://www.vice.com/en_us/article/y3mb3w/people-are-jailbreaking-used-teslas-to-get-the-features-they-expect

https://jalopnik.com/tesla-remotely-removes-autopilot-features-from-customer-1841472617

https://www.scribd.com/document/425591536/TN-18-00-001-Unsupported-Vehicle-Policy

https://www.youtube.com/shannonmorse --  subscribe to my new channel!

ThreatWire is only possible because of our Patreon patrons! https://www.patreon.com/threatwire 

Comments

Anonymous

Could we get the volume higher on these threatwire posts? They are always so much quieter than the other stuff in the feed.

dtns

I’ll ask Shannon