
4G Modem Disabling Instructions:

johnto

New Member
Joined
Sep 28, 2021
Threads
0
Messages
3
Reaction score
4
Location
Toronto, ON, Canada
First Name
John
Vehicle(s)
21 Ford Mustang GT PP
Like some others, I lost most of my interest in new cars due to the tracking and overuse of electronics doomed to become expensive repairs. The tracking was really my number 1 issue and when I found this thread it was enough for me to go ahead and pull the trigger (shortly followed by the fuse).

As someone else brought up, the potential for the car to store or cache data which can then be uploaded if the fuse was reinstalled or during service is still a bit of a concern. However, I recently discovered that manufacturers are now using Bluetooth to create mesh networks which allow devices (in our case our cars) to relay information between them. A simple software update will increase the range of Bluetooth to a half mile. So mother Ford can, if so motivated to exploit this capability, transmit your data to another Ford vehicle that can then, if the modem is enabled, upload to the mothership.

If you want more info on this, go to 10:24 of this YouTube video


Hoping some of the ingenious folks here can formulate (or have formulated) a counter to this potential workaround by Ford.

CrowsHeadSoup

Active Member
Joined
Jan 23, 2021
Threads
2
Messages
35
Reaction score
70
Location
Southern Indiana
First Name
Peter
Vehicle(s)
2020 GT350
> So mother Ford can, if so motivated to exploit this capability, transmit your data to another Ford vehicle that can then, if the modem is enabled, upload to the mothership.
Best to assume they do and act from there.
Thanks for the video.
 

dx2

Well-Known Member
Joined
Jan 28, 2020
Threads
3
Messages
276
Reaction score
208
Location
Germany
First Name
Dennis
Vehicle(s)
2020 Mustang GT PP1 Velocity Blue
He might have good intentions with the video message but he mixes some uncertainties with technical facts together and you know what this will lead to with a non-rf-software-security educated audience which probably cannot distinguish what is what.
Most of what he says is right but quite mixed together and hard to get if you are not familiar with the terms and technologies involved. The general distrust towards the mix of new tech and modern data-collect-attempts is warranted, just do not get overly paranoid without understanding the technology.

I just want to say a bit about mesh networks.

He mentions half a mile radio coverage: That is a bit of exaggeration. That might happen under direct line of sight and in good weather conditions. Usually you have obstacles in densely populated areas. A coherent mesh network could be spanned there but the coverage is a few feet.

A mesh network can, given the right modulation and RF setup, relay packets through home devices spanning multiple homes if the device network is dense enough.

Stationary devices, like TVs, which are wifi internet connected, would be used as relays to gather information about surrounding not-internet-connected node devices. But in general most devices have wifi, and these devices have coverage already, no need for a mesh. Even the smart city devices (smart city lights).

Zigbee, Thread and BT mesh are all different protocols and these are not compatible with each other.

Mesh networks have the big disadvantage of not being able to transmit a lot of data because otherwise they get congested very quickly; also, the number of devices participating in a mesh is practically limited by this constraint. Imagine a traffic jam.

In mesh networks, devices have to be part of a network, commissioned with an app-key, and traffic will be encrypted. Other devices just cannot hop in and get the data without being allowed before. As he correctly explains the concept of TTL, what he does not mention is that a message must be decrypted and re-encrypted to modify this value.

Random devices being part of different networks will not relay messages or else you could easily attack a network by spamming it and render it inoperative.

So the mesh devices will either all be manipulated by an attacker, which is unlikely, or normally be part of the same network, also unlikely. Not sure what the point is for relaying location information of mobile devices through mesh networks for the purpose of spying, these devices are cellular connected anyway.

LoRa as a radio modulation is quite robust against interference and is capable of achieving very long range but it is not widespread in use. It is also mostly applied in combination with LoRaWAN which is an open source LPWAN standard and it is not a mesh but a star topology network. LoRa as RF modulation can be used to build a mesh protocol similar to the other three mentioned above but there is no such standard.

Tracking the devices and thus persons and objects is kind of unavoidable. This is independent of mesh networks.

One way to avoid arbitrary software being installed on devices is to use means of cryptography by digitally signing the software update.
Only those with a known and valid signature will be accepted by the device, so attackers have a very hard time infiltrating mesh networks.
But the devices must be set up to behave securely like this and not all are, especially not older ones.
This technique is already used, for example, by Ford with the Sync software.
If you try to modify the update, it will be rejected and not installed; you can try and verify this yourself on the Mustang.

There are state authorities which make sure that certain security features are provided in devices.
Getting a certified device will guarantee that the device was tested and there are no security shortcomings. To prevent device manufacturers from doing whatever they want, we probably need new laws to disallow malpractice.

Eventually what you wanna do as a counter measure depends on what damage you are willing to accept in case it happens.

I like how he explains possibilities for jamming just for completeness. Just be sure arbitrary jamming frequencies does more harm than it will help. If you have stuff worth hiding, don't use wireless at all. Essentially I share his message about not blindly trusting others.

Devices will not blindly forward any kind of foreign data they receive.

I say mesh networks are not malevolent in nature or not designed to promote tracking/spying/monitoring people.

They can be used in helpful and useful ways without all the spy stuff but it depends who you will share the data with. A completely local mesh under your control that is not connected to the internet at home is fine.
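
The relay behaviour described in the post above, as an added example that is not part of the original post: a toy model in which a node forwards a packet only if it verifies under its own network key, and in which changing the TTL requires re-sealing the packet. The header layout, key values and HMAC-SHA256 construction are assumptions made for this sketch (a stand-in for the authenticated encryption a real mesh stack uses), not any real protocol's wire format.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8                     # truncated auth tag (constructed for this sketch)
HDR = ">BIH"                    # TTL (1 byte), sequence number (4), source (2)
HDR_LEN = struct.calcsize(HDR)

def _keystream(key, header, n):
    # HMAC-SHA256 in counter mode, bound to the header (TTL included).
    # Stand-in for a real AEAD cipher; assumption of this example.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + header + struct.pack(">I", ctr),
                        hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _tag(key, header, ciphertext):
    return hmac.new(key, b"mac" + header + ciphertext,
                    hashlib.sha256).digest()[:TAG_LEN]

def seal(net_key, ttl, seq, src, payload):
    """Encrypt the payload and authenticate header + ciphertext."""
    header = struct.pack(HDR, ttl, seq, src)
    ks = _keystream(net_key, header, len(payload))
    ct = bytes(p ^ k for p, k in zip(payload, ks))
    return header + ct + _tag(net_key, header, ct)

def open_packet(net_key, packet):
    """Return (ttl, seq, src, payload), or None if the tag does not verify."""
    if len(packet) < HDR_LEN + TAG_LEN:
        return None
    header = packet[:HDR_LEN]
    ct, tag = packet[HDR_LEN:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(net_key, header, ct)):
        return None
    ttl, seq, src = struct.unpack(HDR, header)
    ks = _keystream(net_key, header, len(ct))
    return ttl, seq, src, bytes(c ^ k for c, k in zip(ct, ks))

class RelayNode:
    def __init__(self, net_key):
        self.net_key = net_key
        self.seen = set()               # (src, seq) pairs already handled

    def relay(self, packet):
        """Return the re-sealed packet to forward, or None to drop it."""
        opened = open_packet(self.net_key, packet)
        if opened is None:              # foreign network or tampered packet
            return None
        ttl, seq, src, payload = opened
        if (src, seq) in self.seen:     # duplicate or replayed packet
            return None
        self.seen.add((src, seq))
        if ttl <= 1:                    # hop budget used up
            return None
        return seal(self.net_key, ttl - 1, seq, src, payload)

def demo():
    home_key = bytes(range(16))         # constructed sample keys
    other_key = bytes(range(16, 32))
    pkt = seal(home_key, 3, 1, 0x0001, b"door=closed")
    member = RelayNode(home_key)
    forwarded = member.relay(pkt)
    tampered = bytes([pkt[0] + 5]) + pkt[1:]    # TTL raised without the key
    return {
        "forwarded_ttl": open_packet(home_key, forwarded)[0],
        "foreign_forwards": RelayNode(other_key).relay(pkt) is not None,
        "tampered_forwards": RelayNode(home_key).relay(tampered) is not None,
        "duplicate_forwards": member.relay(pkt) is not None,
        "expired_forwards": RelayNode(home_key).relay(
            seal(home_key, 1, 2, 0x0001, b"x")) is not None,
    }
```

Only the node holding the same network key forwards the packet, and it does so by opening it and sealing it again with the decremented TTL; the foreign node, the tampered header, the duplicate and the expired packet are all dropped.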
 

CJJon

Well-Known Member
Joined
Nov 18, 2020
Threads
34
Messages
3,535
Reaction score
3,810
Location
Port Orchard
Vehicle(s)
2020 Mustang GT/CS Convertible - Race Red
I installed a new LED floodlight the other day. When I flipped the switch for the first time a nearby Bluetooth speaker came to life with a "Ready to Connect" announcement.

Sure enough, it was the light that was causing it. This is a cheap, non-IoT device (supposed to be anyway). Nowhere on the packaging or instructions does it mention BT.
 

Rapid Red

Well-Known Member
Joined
Nov 4, 2019
Threads
45
Messages
5,076
Reaction score
4,097
Location
Woodstock GA
First Name
Greg
Vehicle(s)
GT PP2 RaceRed Roush> Steeda> preformance
Vehicle Showcase
2
That's what you get with plug & play... easy setup, no admin work (control) required.
 

Tomster

Beware of idiots
Joined
Feb 20, 2016
Threads
278
Messages
15,570
Reaction score
15,677
Location
FL
First Name
Tom
Vehicle(s)
'20 RR GT500R(CFTP), 18 OW GT350R Base, '17 AG GT350R Electronics Pack, '97 PG Cobra Convertible
All you have to do is locate the modem and pull the data/power harness. Done. Nothing is getting transmitted anywhere.
 

Tomster

Stop it, you're making me blush. Thank you.


> Until someone replies and knows exactly, I think I remember this first started with the '19 model year, and the fuse moved to 8 in '20.
>
> I found it in the manual, you can find which one it is in there or also do a quick search for 2019 Mustang Owners Manual and download your manual from the Ford site.
>
> And recapping earlier conversation to the best of my memory, for now I don't think anyone has found that the circuit the modem is on has anything else in there with it on a Mustang, though I believe I saw other things tied in on other models. Unplugging the modem itself would also suffice, it is easily accessed in the trunk (I think I have pics of this in this thread). Additionally, Tomster has some great content on this topic in his thread in the GT500 forum. Between these two threads, the fuse, the modem, and the antennas are all located with details in the discussion. On mine, just the fuse completely disables it, so I'm a member of the #PullTheFuse gang, but the other disabling methods are also simple. YMMV, but you can test if it's working with the FordPass app.

Yes, 19 and 20s. So far on the single circuit. After what we have published, future models will be much more creative from a standpoint of defeat. As always, locating the modem and pulling the shared data/power harness is the best bet.
 

johnto

> He might have good intentions with the video message but he mixes some uncertainties with technical facts together and you know what this will lead to with a non-rf-software-security educated audience which probably cannot distinguish what is what.
> Most of what he says is right but quite mixed together and hard to get if you are not familiar with the terms and technologies involved. The general distrust towards the mix of new tech and modern data-collect-attempts is warranted just do not get overly paranoid without understanding the technology.

I appreciate the thoughtful and informative post and am certainly not equipped to debate the technical merits of the information.

I don't think it's possible to be paranoid given the lengths we know technology continues to be utilized and developed to gather information about us mostly with a profit motive in mind. I don't think it's practical (if even possible) for the average layperson to gain the level of understanding required to determine the potential threat of a particular technology given the breadth and depth and continuous innovation of the subject matter. For those that have the necessary background and aptitude, this makes perfect sense if they understand their own limitations.

For me, I prefer to err on the side of caution. If it is possible it can transmit my data and I don't need or want it, I would prefer to disable it within practical limitations. Never going to prevent all of it but when there are simple steps to mitigate it, I am all for it. Like de-googled phones/Unix phones, VPN routers, pulling the modem fuse etc... I am appreciative there are talented folks out there resisting it, some for profit some not. Recognizing due diligence is required to avoid a false sense of security or a scam. Not necessarily learning the technology sufficiently to make a call but relying on the consensus of experts proven to be reliable. You do the best you can if you care about it.
 


accel

Well-Known Member
Joined
May 19, 2017
Threads
69
Messages
1,185
Reaction score
245
Location
USA
Vehicle(s)
'17 GT PP
Tldr, but FYI Bluetooth network is already a reality for Amazon devices like Alexa etc.

I was shocked to discover my account settings (by default) allowed my Alexa to share my internet bandwidth with other users.

I discovered this after watching one of the similar videos with instructions on where to log in, which menu to access and what setting to check. Again, the setting was ON, and I never even knew of it. Such a backdoor in plain sight...

And, being in IT myself I can tell that it all depends on implementation. If the data is important, they can record it into some storage and send later, whenever a (Bluetooth/wifi) connection is available if 4G is not working.
 

Tomster

> Thanks...but edumicate me...how does this disable the bluetooth radio?

I'll answer your question with a question. Doesn't any Bluetooth connection need consent before pairing?

There was debate a while back as to whether wifi was being used as an alternate data connection. I believe it was, that's why I disabled my modem. Wifi, IIRC, would grab any open hotspot. Bluetooth doesn't work that way.

When I get back from my trip, I'll have a look at the schematics. But I think it would be as simple as not sharing your Bluetooth connection with a potential data source if you don't want anything transmitted.
 

dx2

Thank you for this info. This is how they manage to fail earning trust by leaning to opt-out, hello Microsoft. This service called Amazon Sidewalk seems to be only available in the US at the moment.

There is a white paper which explains how it is intended to be used and how it functions:
https://www.amazon.com/gp/help/customer/display.html?nodeId=GRGWE27XHZPRPBGX

The bandwidth sharing is quite limited:
> The maximum bandwidth of a Sidewalk Bridge to the Sidewalk server is 80Kbps, which is about 1/40th of the bandwidth used to stream a typical high definition video.

The described use case for sharing bandwidth is mostly intended to extend the coverage for small devices which are otherwise cut off the net in niche locations without coverage.

In case of an outage of just one home connection where for example the modem stops working you would continue to have very limited internet connectivity if you were part of the Sidewalk network. This will not carry the traffic load in case of a larger outage.

This is a good example where Amazon tries to establish mesh networking.
A mesh network will not suffice to fully replace internet connectivity.

Amazon does provide 3rd party application operators the possibility to use their Sidewalk network. This way the 3rd party can make use of the already established network with less effort to provide IoT device connectivity.
This is potentially replacing other proprietary networks in the future, given the reach of Amazon.

Interestingly the concepts described are very similar to the open source LoRaWAN specification. In regard to the security concept they do the right thing, as they adapt from the specification concepts:
> Information customers would deem sensitive, like the contents of a packet sent over the Sidewalk network, is not seen by Sidewalk; only the intended destinations (the endpoint and application server) possess the keys required to access this information. Sidewalk’s design also ensures that owners of Sidewalk gateways do not have access to the contents of the packet from endpoints (they do not own) that use their bandwidth. Similarly, endpoint owners do not have access to gateway information. The Sidewalk Network Server continuously “rolls”, or changes transmission IDs and Sidewalk Gateway IDs every 15 minutes to prevent tracking devices and associating a device to a specific user.

Quite simplified, this is what the flow of communication looks like. End devices can communicate with each other as well but that is not part of Sidewalk:
[Attached image: 1636284153686.png]



Independently of this white paper, I say:
Generally do not trust Amazon, do not use their products, they may have interest in your money, but not your privacy or security and they want and will continuously increase your dependency on them, bit by bit.
 

accel

> I'll answer your question with a question. Doesn't any Bluetooth connection need consent before pairing?

Your information is outdated. If you have Amazon devices you already share your bandwidth, or, your data is sent over other people's devices by Bluetooth.

Check a couple posts above.

On the contrary, you need to make an explicit effort to opt out. And even then who knows.

P.S. According to Rob Braxman (author of YouTube channel from above) Amazon is not alone. Apple devices use Bluetooth mesh as well.

So it is easy to imagine how Apple CarPlay can take advantage of that.
 

accel

Cars store some events in memory that can be sent later or retrieved by a dealership.

I know that when my GT engine had BBQ tick (I'm not a Shelby owner) and service advisor told me that warranty work was approved, that I'm a responsible owner and my car's data did not contain engine overrev or other reckless conditions.