Ford Ranger Upgrade -- Beware Hacking A Real Possibility
On Wednesday, Torque News published a look at the findings of a UK study that showed the Ford Focus Titanium, a Euro model, was vulnerable to hackers. Today, TN is publishing a longer story on data-hacking in vehicles because Ford Performance is offering an upgrade to Ford Ranger computers for better performance. I wrote the story earlier this week and Jimmy Dinsmore yesterday's piece.
In today's interconnected world, it makes sense to be concerned about the software that may be running under the hood of your vehicle.
Ford Ranger Upgrade Could Be Vulnerable
For example, in a story that I wrote Wednesday for Torque News, I revealed that a collaborative study between the UK's consumer rights group, Which and Context Information Security found an issue with the software and hacker access in Euro Ford Focus Titanium, equipped with a 1-liter engine. My colleague and senior Torque News reporter Denis Flierli showed that hacking could affect any primary line like Subaru. Denis' story appears here.
I mentioned that hackers had been able to gain access to the Focus using basic equipment. Then messages could be sent to and from the tire pressure monitoring system so that a hacker could bluff the system into showing a fully inflated tire as flat and vice versa.
And, using the vehicle's WiFi system, the "hackers," really researchers, found a Ford production line password and other data. I also observed that if they could see this much data in the UK, that it would follow that hackers with basic equipment could find a bunch of info about trucks, like the Ranger. The researchers also found that they could see the vehicle's position and direction through the Ford's Pass App, and they could also determine the type of vehicle. And, there was a rich mine of data revealed by the Insure App.
Now comes the word that Ford Performance has dialed a computer system upgrade for the 2020 Ford Ranger. The Performance Group has upgraded the Ranger with the Mustang M-9603-MB8 calibration.
The update uses the Pro Cal 4 tool (the upgrade also includes a performance air filter). Torque News reporter Jimmy Dinsmore did an excellent report on the story.
Ford Ranger Upgrade Uses Sophisticated Tool
The key is the Pro Cal 4 tool and its new software. In a pretty standard computer action, you use a USB cable to download the software to a Pro tool connected to a computer via a USB cable.
Now all of this would be great if this was going into a closed system, but it isn't. It relies on the OBD-II diagnostic connector that is on the left kick panel. The Pro Cal tool is quite a performer as if stores your Ranger's information in a stock file in real-time.
The software monitors engine parameters and clears and reads DTCs (computer data codes). It also sets up a logging routine, and it can configure Ranger tire size changes, within reason.
Since we know that the Euro Ford Focuses are vulnerable, it is reasonable to assume types of vulnerability for the Ranger. One issue that comes to mind is the ability to configure tire sizes. Imagine if a hacker gets into the Ranger and decides to set up a weird stagger on its tires.
You may think this is impossible, but it isn't. About five years ago, a pair of researchers set out to show that the cars of 2014 were vulnerable to hacking. Folks, at that time, said nope, impossible, couldn't be done; each vehicle is a closed system; there's no way to do it. Look, they pointed out, the only access point is through the OBD-II diagnostic tester port.
Ford Ranger Upgrade Like FCA Research?
Guess what? Using this particular outlet, the researchers – a pair who used an FCA product to prove this – accessed the vehicle's internal network and then proceeded to do things like disable the brakes, enable the brakes, speed up and slow down the test mule, all using the OBD-II connector.
Then, their next step was using whatever networking existed at that time to access the car's internal network. They controlled the vehicle through its infotainment system from distances of a mile to up to 15 miles. They were able to access the vehicle's internal computer network and take over control of engine functions, speed features, and the brakes.
It was a research experiment conducted by two computer geeks to show what hackers could do. The basic equipment showed what they could do with an OBD-II connector and a laptop. The next test of the infotainment system consisted of only a transceiver (radio transmitter and receiver tuned to the proper frequency) and a computer. By the way, the Federal Communications Commission (FCC) stores the frequencies of all over-the-air systems in public-accessible databases. Anyone can find out anything about any system that touches anything related to radio. Today, the situation has become worse and more complex. It's not like there are any strict safeguards on any vehicle's internal network. If a network is compatible with the IoT (internet of things), then a search of the internet can find and get into any car computer system. This means that any vehicle is vulnerable to an intrusion.
Carmakers still rely on their old security standard of hiding things in plain sight. Rather than putting security on access to any car's computer system – it's not a hard task. It's that it adds a layer of complexity that carmakers don't think is necessary – they just depend on the sheer data density of IoT networks to provide security and invisibility.
Ford Ranger Upgrade Depends On Forest-Trees Security
That invisibility doesn't last long if a determined hacker wants a specific range of vehicles. As soon as one vehicle of that range is determined – each IoT-specific device has a network address from which hackers find other network devices.
It's the way the Which researchers found the data vulnerability of the Ford Focus Titanium in Europe. It is the same way that hackers can find the address of a specific device – a vehicle is a device to the IoT. So, while the Ford Performance upgrade is excellent for Rangers, it does bring with it a potential headache.
This isn't to say it will happen, only that it may. The reason for this is simple: the reaction of Ford to the recent Which study. When confronted with the evidence in the report, Ford ignored it. I guess they think their security protocols – as in very few or none – are good enough.
Author Update About Data Breaches
You know from what I have observed over the last five years or so of covering this and writing about, in one capacity or another, all I can say that it isn't an unexpected response because it is.
Marc Stern has been an auto writer since 1971. It was a position that filled two boyhood dreams: One was that I would write, and two that I write about cars. When I took over as my newspaper's auto editor, I began a 32-year career as an automotive columnist. There isn't much on four wheels that I haven't driven or reviewed. My work has appeared in Popular Mechanics, Mechanix Illustrated, AutoWeek, SuperStock, Trailer Life, Old Cars Weekly, Special Interest Autos, and others. Today, I am the Ford F150 reporter for Torque News. I write how-to and help columns for online sites such as Fixya.com and others. You can follow me on Twitter or Facebook. Most of Marc's stories can be found at Torque News Ford coverage. Check back again and search for Torque News Ford F-150 news for more F-150 truck news coverage.