Five months after a man returns a rental car, he can still unlock and lock the vehicle, and even start and stop its engine. This example illustrates just how much smartphones are now linked to modern automotive technology.
Masamba Sinclair rented a Ford Expedition from rental car giant Enterprise in May of this year. Of course he wanted to try out the modern connection platform “FordPass”. Thanks to this app, the driver can use his smartphone to control elementary controls of the vehicle. Sinclair was able to start and stop the car’s engine, unlock and lock the doors and locate the Ford.
.@Ford I returned this car two weeks ago and you’ve shown no willingness to allow rental companies to remove my access to unlock it and start the engine. Maybe I’ll just start randomly unlocking it. pic.twitter.com/MrBVU68Jh4
— Masamba (@MasambaS) June 14, 2019
While Sinclair was still very enthusiastic about the app in May and the resulting possibilities, his opinion has changed a lot in the meantime. After returning the car, he noticed that he still had full access to the car on his smartphone via FordPass. To reduce the risk of misuse, Sinclair repeatedly asked Ford to block his access to the vehicle. However, the car manufacturer did not react.
Meanwhile, Masamba Sinclair has uploaded a video to YouTube that proves he can remotely control the vehicle. But all this doesn’t seem enough to get Ford’s attention.
Of course, this is a huge security risk. As practical as the FordPass App may be, it can be dangerous for the driver. This does not only affect the drivers of the rental car. Imagine buying a used Ford that was previously connected to FordPass. Once a connection has been established, the previous user has permanent access to the vehicle if the connection is not disconnected.
In the meantime, other people have pointed out this problem to Ford in addition to Sinclair. However, an effective response from the car manufacturer is yet to come. It simply reminds users that there are two ways to disconnect. Either the car owner disconnects the connection in the infotainment settings or the smartphone owner disconnects the connection. The fact that one must first become active makes it clear which dangers can emanate from malicious persons. This opens the door for stalkers, for example.
Stories like these cast a completely new light on the practical apps of car manufacturers. After all, the convenient features also entail risks that should by no means be underestimated. Since the control of a vehicle also involves a great deal of responsibility, manufacturers should urgently consider whether the safety mechanisms of the apps need to be revised.