UNSAFE AT ANY SPEED —
Previous driver could start and stop the engine, lock and unlock doors, and track location.
In October, Ars chronicled the story of a man who was able to remotely start, stop, lock, unlock, and track a Ford explorer he rented and returned five months earlier. Now, something almost identical has happened again to the same Enterprise Rent-A-Car customer. Four days after returning a Ford Mustang, the FordPass app installed on the phone of Masamba Sinclair continues to give him control of the car.
Like the last time, Sinclair could track the car’s location at any given time. He could start and stop the engine and lock and unlock its doors. Enterprise only removed Sinclair’s access to the car on Wednesday, more than three hours after I informed the rental agency of the error.
“It looks like someone else has rented it and it’s currently at a golf resort,” Sinclair wrote on Tuesday in an email. “This car is LOUD so starting the engine will definitely start people asking a lot of questions.” On Wednesday, before his access was removed, he added: “Looks like the previous rental is over and it’s back at the Enterprise parking lot.” Below is a video demonstrating the control he had until then.
We take security and privacy seriously
In October, both Enterprise and Ford said they had mechanisms in place to ensure that FordPass, and other remote apps provided by Ford, were unpaired before vehicles were sold or rented to new customers. The responses were problematic for several reasons. Enterprise, for instance, said rental agreements that customers sign remind them to wipe their data from cars upon their return. The problem is that the reminder doesn’t warn renters of the risks that come when a previous customer’s app remains paired to the vehicle they are renting.
What’s more, customers have little incentive to unpair the app from a car they’re returning. Customers are often scrambling to catch flights and may not want to be bothered searching through menus they’ve never seen before. And since the privacy and security risks fall solely on the new customer, nefarious people returning the car may want to maintain remote access. Unpairing the app by rental agency employees should be standard practice when cars are returned, one that’s no different from vacuuming the car’s carpet or checking its engine.
Ford, meanwhile, maintained that there are several ways drivers can detect when an app has access to their vehicle. The car maker also said it reminds dealerships to unpair cars before being resold.
None of those measures appears to adequately address the risk stemming from people continuing to have control over vehicles after the vehicles have been rented or sold to new customers. Sinclair agrees that he had the ability to unpair his device himself. He said he didn’t do that because he wanted to test the safety procedures put in place by the companies that use and develop the app. An article published last week by KrebsOnSecurity—recounting a man who continued to have remote access to a Ford Focus four years after his lease expired—suggests the problem isn’t isolated.
The problem isn’t that there’s no way to remove previous renters’ or owner’s access to a paired vehicle. Ford vehicles, for instance, display a label on a dashboard screen whenever location sharing, remote start/stop, and remote lock/unlock are active. Popups will also appear on each ignition when location services are active and no known paired Bluetooth devices are detected. The messages can solve the problem only if they’re prominent and clear enough that users recognize the risk. Asked for comment, a Ford spokesman said that the notifications he described in October remained in effect.
Enterprise officials, meanwhile, provided the following statement:
The safety and privacy of our customers is an important priority for us as a company. We appreciate this being brought to our attention and we are actively working to follow up on the issue related to this specific rental that took place last week.
Following the outreach last fall, we updated our car cleaning guidelines related to our master reset procedure. Additionally, we instituted a frequent secondary audit process in coordination with Ford. We also started working with Ford and are very near the completion of testing software with them that will automate the prevention of FordPass pairing by rental customers.
We will use this latest experience as we continue evolving our processes to ensure they best address features and technologies that are continually being added to vehicles.
Vehicles from other manufacturers are likely to have similar features, and like the features provided by Ford, they’re probably easy for many drivers to miss. People renting or buying new cars would do well to read the manuals carefully to learn precisely how remote access works and how to ensure it’s removed from previous customers.