Ford F-150 Is An Example Of A Vehicle Impacted By Exclusivity
Marc Stern's picture

If You Drive Ford F-150 Or Another Truck, Remember That Vehicle Hacking Claims Overblown

Every so often a state will argue over a vehicle's data. Data on vehicles like the Ford F-150 is valuable and big business to dealers as it potentially helps them generate millions in backshop revenue. The problem is that there's another whole community of shops that also needs the data. Massachusetts is arguing over this, right now, as have other states in the past.
Advertisement

If you live in New England and are in any way served by the Boston media market, you have probably seen this ad. A group of automotive hackers who know just how to get into your car's computer system pick your vehicle, and then they set up a significant crash remotely.

Hacker Gleefully Takes Over

As you watch, supposedly horror-struck that a hacker is carefully and gleefully going through the steps of setting up a major automotive disaster involving your vehicle, your vehicle's future limited.

Now, the scene shifts, there's a significant crash that involves your vehicle, a hijacked 18-wheeler, plus other supporting players. Of course, it shows the hackers had gleefully chosen your vehicle, and voila, your vehicle is a central player in the dustup. Here's the thing, though, the ad is about as believable as a cat having puppies. It is, as they say in the crime dramas, a tissue of lies.

Here's the issue drawn up by the ad: the commercial implies that unless you know about them, there are bad actors out there who think nothing of taking over your car's diagnostic computer system and causing all sorts of mayhem.

Wow, I will bet you didn't know that nasty hackers were waiting out there to take over your Ford F-150's diagnostic computer system and that they were planning some nasty work with it. Indeed, they are targeting your truck and its computer system. That's something. As my colleague Jimmy Dinsmore points out, Ford has had its best truck quarter in 15 years. You can see his informative story here.

Hackers Can’t Do Everything The Ads Say

Well, here's the thing, at this point. unless the bad guys can physically install a diagnostic connector, keeping the diagnostic computer system up and running, there is no chance that they:

  1. Can take over your car’s computer system
  2. Can cause your car or truck to have a major accident

Now, vehicles and their computer systems are little more than static systems that need an active computer monitor plugged into the diagnostic computer port, located at by your pickup's kick flap. Perhaps some years down the road, when every vehicle on the road has its an independent WiFi system, the ad's scenario will come true. At that time, each vehicle will have an independent network ID number. Hackers might be able to take over vehicles and cause them to have accidents. However, today it is highly doubtful this could happen. It is the nature of each vehicular system that works against this.

So, where does this idea come from, and why are commercials extolling the possibility? They are great fiction.

Let's go back about six years to an experiment run by a couple of software developers who wanted to see if they could hack an automotive system. The pair approached Fiat Chrysler (FCA) to see if they could borrow a Jeep for their experimentation. FCA also wanted this information, it seems.

Here’s The Background Story

Okay, the developers worked for more than a year – 2013-2014 – before they achieved any results. They worked very hard and developed software that could open a vehicle's data port and hold it open. Once it was open, they could take over the SUV's vehicle area network (VAN).

During the test, the investigators flipped on the brakes, revved up the engine, and take control of a bit more. Note that the researchers had to have absolute control over the diagnostic computer port to make things happen.

It sounds ominous, and when you think of when it occurred, it was a shocking turn this type of hacking could occur (bear in mind that it was still in the realm of the researchers). There was a big "gotcha" in this. The researchers had to control the diagnostic port and the pickup's diagnostic computer system with active laptops. In 2014, it was big news.

Over time, the researchers were able to control the diagnostic port from remote sites and distances as great as 15 miles.

If you were to have publicized this feat with a press release, it would make it seem as if your pickup's underhood computer system was about to be overwhelmed by hackers from around the world. Indeed, the headlines, at the time, read: "Remote Systems Can Take Over Your Vehicle's Computer;" "Remote Takeovers Can Jam Brakes; Speed Engine."

Hacker Sits And Tries To Figure Out How To Hack A Pickup

Hacker Headlines Seem Pretty Real And Upsetting

That's pretty heady stuff when you look at it. It's enough to panic any vehicle owner. It's the type of nastiness that the opponents of Question 1 on the ballot – the right to repair your car anywhere you want – want you to believe is possible.

I suppose it could be, but there's a colossal gotcha: the hacker would have to get inside your vehicle and install a diagnostic tester into the diagnostic port. To work correctly, the hack into the F-150 would have to have an over-the-air link.

If, on the other hand, the pickup supported WiFi, there's the potential for more mayhem because technically, WiFi-based systems should be easier to control. But, here's the problem for this form of the hack – the researchers were able to control vehicles through the WiFi system, but they knew the right "magic words" to open the WiFi-based system up and keep it open. Usually, car WiFi systems are not readily available for hackers to see.

So, what are the available network addressing systems? The earliest systems used the BIND service – the latest BIND service defined was BIND-9. Bind defines the address space available under IPv4. At last count, the BIND space (also known as IPv4) was running out of space.

Growing The Internet

This encouraged new ways of finding added network addressing space. To make as headroom available in the network space (this is the way net geeks usually define this), network admins either defined it using either network address translation or IP masquerading. Both had the same aim, using current networks with one address serving many computers underneath. It was a gateway deal.

As this addressing scheme runs out of data, the internet moves to IPv6 of the Classless Internet Domain Routing with new addressing. Technically, the number of addresses available under IPv6 is enormous. However, given how things are in the mobile networking world, the number of addresses available, it is likely that there will be a need for a new addressing scheme within the next few years.

For hackers, now, finding the specific address of your Ford truck is nearly an impossible task, especially if you are running Network Address Translation. Since NAT allows you to hide the address of your pickup behind a different space, it is excellent protection against hacking. (There is an old hack about finding the address of your F-150’s keyfob that might technically be called a hack but is more just finding the information about your door lock’s address information. You can find this information easily on the internet. As to other computerized hacks, it’s not easy.)

It is, as a famed lyricist, said a generation ago, "The Impossible Dream." Hackers are out there – the researchers showed six years ago that it was possible. Now, for the most part, hackers would have to work to find your pickup and do things to it. But, why would they invest the time and effort, unless you have a rare collection of Singapore sea slugs that need protection?

State’s Ballot Question

This brings us back to Massachusetts' controversy. Ballot Question 1 lets independent service shops have complete access to the latest car diagnostic data. New-car dealers are fighting tooth and nail to keep this information under lock and key. The reason is simple: they will benefit from added back shop work while the independents are sitting with last-generation data. That's the problem!

Independents are now allowed access to a full range of data about the cars they service, which gives consumers the best bang for their automotive service dollar. The dealer chains would love to gain more work by limiting independent shops' access to the latest diagnostic software, thereby keeping the work in house. The disinformation ads and misinformation are tremendous because this work could add hundreds of millions to the bottom lines of dealerships and won't add a much to independents who need the data to survive.

So, here's the Torque News take on this issue: don't believe every ad that's out there. Hackers aren't sitting around looking nefarious as they pick your Ford F-150 for shenanigans. And, don't listen to those who tell you they have owned garages for ages and who and they agree with Question 1's prohibitions.

Torque News Advice To Voters

Our advice is study the question and maybe talk to a couple of shop owners and dealers and when you have the information, vote (mail-in, early, or standard on Election Day, it’s your choice).

Marc Stern has been an auto writer since 1971. It was a position that filled two boyhood dreams: One was that I would write, and two that I write about cars. When I took over as my newspaper's auto editor, I began a 32-year career as an automotive columnist. There isn't much on four wheels that I haven't driven or reviewed. My work has appeared in Popular Mechanics, Mechanix Illustrated, AutoWeek, SuperStock, Trailer Life, Old Cars Weekly, Special Interest Autos, and others. Today, I am the Ford F150 reporter for Torque News. I write how-to and help columns for online sites such as Fixya.com and others. You can follow me on Twitter or Facebook. Most of Marc's stories can be found at Torque News Ford coverage. Check back again and search for Torque News Ford F-150 news for more F-150 truck news coverage.


Subscribe to Torque News on YouTube.


Follow Torque News on YouTube, Twitter and Facebook.