Man is still able to remotely control Ford rental five months after returning it
Scientific and technological progress often brings plenty of benefits for the average person, but sometimes, there are unintended consequences. As modern vehicles become more advanced, these consequences have become more clear than ever.
A recent report from Ars Technica highlights some of the issues associated with renting or buying a “connected vehicle” from a third party. In this case, a man named Msamba Sinclair acquired a Ford Expedition from rental service Enterprise back in May. A few days after returning it later that month, Sinclair realized — much to his surprise — that he still had access to the vehicle via the FordPass app, which lets drivers control various aspects of a supported Ford vehicle remotely.
Specifically, Sinclair was able to remotely start or stop the car’s engine, lock or unlock the doors, and track its exact location. To this day (many months later), Sinclair still has access, suggesting that Enterprise (at least, the specific location the vehicle is being rented from) has failed to reset the vehicle’s infotainment system properly upon each new rental.
Sinclair has tried to bring this issue to the attention of Ford, but without any success. His suggestions for fixing the dilemma, submitted via Ford’s “New Ideas” program, were also rejected.
Naturally, this is a massive security risk for connected car users everywhere — Ford is far from the only company that allows for remote systems control. Sinclair might be benevolent enough to draw attention to the matter and avoid abusing his access, but not every driver will be. The potential for bad actors to remotely unlock a vehicle and swipe a new renter’s belongings (or worse) is ever-present.
Ford, for its part, says the infotainment screens of its connected vehicles will display a warning when a device is paired, but as Ars notes, it’s clear that Enterprise workers have failed to see or heed this information over the past several months.
Ford also claims that performing a “Master Reset” — which would unpair connected devices — is part of a “used car checklist” at its own dealerships, which must be followed before the sale of a vehicle. It seems this Enterprise location has a different set of pre-rental protocols.
Regardless, this is an unfortunate situation, and we hope Ford and Enterprise develop a permanent solution moving forward, whether that comes in the form of a software fix from Ford or new pre-rental procedures from Enterprise.