433,000 Ford cars to be recalled because of software bug – would you have preferred an internet update?

It’s the kind of news which will make some of the more mean-hearted of us chortle.

Well, those of us who don’t own Ford motor cars at least.

Apparently, Ford has identified a software bug on a number of its car models that means drivers may not be able to turn off the engine, even if they remove the ignition key.

As a result, 433,000 2015 Focus, C-MAX and Escape vehicles are being recalled for a software update.

Ford advisory

Ford Motor Company is issuing a safety compliance recall for approximately 433,000 vehicles in North America, including certain 2015 Focus, C-MAX and Escape vehicles, for an issue with the body control module. In these vehicles, it could be possible for the engine to continue to run after turning the ignition key to the “off” position and removing the key, or after pressing the Engine Start/Stop button. This is a compliance issue with FMVSS 114 regarding theft protection and rollaway prevention.

Ford is not aware of any accidents or injuries associated with this issue.

Clearly its frustrating for those 433,000 car owners, and a major nuisance for the car dealerships that will have to apply the software fix even if it only takes a few minutes in the showroom.

Wouldn’t it have been much less of a nuisance if those Ford cars had been able to update themselves via the internet instead?

Well, yes, maybe that would have been a smoother way to roll out the software patch to all those cars – but don’t forget there are significant security challenges with that approach too.

For instance, BMW was forced to roll out a patch for a security flaw earlier this year that could have allowed hackers to open the doors of some 2.2 million vehicles – after a security researcher showed how he was able to intercept network traffic from certain BMW, Mini and Rolls Royce models and send commands telling the cars to lower their windows or open their doors.

BMW Connected Drive

In other words, the way BMW had implemented internet updates for its cars had itself introduced a serious security vulnerability.

Furthermore, Massachusetts Senator Ed Markey released a report claiming that many modern car manufacturers are endangering lives by exposing drivers to hacking attacks that could cause vehicles to be hijacked or crashed, and the personal information of drivers to be stolen.

And who can forget the time we showed you how car hackers can disable brakes and steal your personal data?

In short, cars which are capable of receiving instructions via the internet (such as software updates) are potentially more at risk of being hacked or meddled with than those which don’t.

And yet, as the unstoppable internet of things continues to pervade everything from smart home thermostats to lightbulbs to fridges to medical implants and baby monitors it seems inevitable that more and more cars will contain this kind of functionality in the years to come.

Yes, it’s a heck lot more convenient for car drivers to have their cars fixed remotely, but the more that software is used to control and maintain our vehicles the more potential exists for mistakes to be made, and for malicious hackers to take advantage.

So, how do you feel about internet updates for your car? Would you like to be on the receiving end, or would you prefer to be in the driving seat for your vehicle’s patches and decide for yourself when you’ll squeeze in a trip to the garage?

Leave a comment below, sharing your opinion.

by Graham Cluley, ESET We Live Security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s