4G Modem Disabling Instructions:

[accel]

He might have good intentions with the video message but he mixes some uncertainties with technical facts together and you know what this will lead to with a non-rf-software-security educated audience which probably cannot distinguish what is what.
Most of what he says is right but quite mixed together and hard to get if you are not familiar with the terms and techologies involved. The general distrust towards the mix of new tech and modern data-collect-attempts is warranted just do not get overly paranoid without understanding the technology.

I just want to say a bit abound mesh networks.

He mentions half a mile radio coverage: That is a bit of exaggeration. That might happen under directly line of sight and in good weather conditions. Usually you have obstacles in densely populated areas. A coherent mesh network could be spanned there but the coverage is a few feet.

A mesh network can, given the right modulation and RF setup, relay packets through home devices spanning multiple homes if the device network is dense enough.

Stationary devices, like TVs, which are wifi internet connected, would be used as relays to gather information about surrounding not-internet-connected node devices. But in general most devices have wifi, and these devices have coverage already, no need for a mesh. Even the smart city devices (smart city lights).

Zigbee, Thread and BT mesh are all different protocols and these are not compatible among each other.

Mesh networks have the big disadvantage of not being able to transmit a lot of data because otherwise they get congested very quick, also the amount of device participating in a mesh is practically limited by this constraint. Imagine a traffic jam.

In mesh networks, devices have to be part of a network, commissioned with an app-key, traffic will be encrypted. other devices just cannot hop in and get the data without being allowed before. As he correctly explains the the concept TTL, what he does not mention is that a message must be decrypted, and re-encrypted to modify this value.

Random devices being part of different networks will not relay messages or else you could easily attack a network by spamming it and render it inoperative.

So the mesh devices will be either all be manipulated by an attacker, which is unlikely or normally be part of the same network, also unlikely. Not sure what the point is for relaying location information of mobile devices through mesh networks for the purpose of spying, these devices are cellular connected anyway.

LoRa as a radio modulation is quite robust again interference and is capable or achieving very long range but it is not widespread in use. It is also mostly applied in combination with LoRaWAN which is an open source LPWAN standard and it is not a mesh but a star topology network. lora as rf modulation can be used to build a mesh protocol similar to the other three mentioned above but there is no such standard.

tracking the devices and thus persons and objects is kind of unavoidable. This is independent of mesh networks.

One way to avoid arbitrary software to be installed on devices is to use means of cryptography by digitally signing the software update.
Only these with a known and valid signature will be accepted by the device so attackers have a very hard way infiltrating mesh networks.
But the devices must be set up to behave securely like this and not all are, especially not older ones.
An example of this technique is already done for example by Ford with the Sync Software.
If you try to modify the update, it will be rejected and not installed, you can try and verify this yourself on the Mustang.

There are state authorities which make sure that certain security features are provided in devices.
Getting a certified device will guarantee that the device was tested and there are no security short comings. To prevent device manufacturers from doing whatever they want, we probably need new laws to disallow malpractice.

Eventually what you wanna do as a counter measure depends on what damage you are willing to accept in case it happens.

I like how he explains possibilities for jamming just for completeness. Just be sure arbitrary jamming frequencies does more harm then it will help. If you have stuff worth hiding, don't use wireless at all. Essentially I share his message about not blindly trusting others.

Devices will not blindly forward any kind of foreign data it receives.

I say mesh networks are not malevolent in nature or not designed to promote tracking/spying/monitoring people.

They can be used in helpful and useful ways without all the spy stuff but it depends who you will share the data with. A completely local mesh under your control that is not connected to the internet at home is fine.

Tldr, but FYI bluetooth network is already a reality for amazon devices like Alexa etc.

I was shocked to discover my account settings (by default) allowed my alexa to share my internet bandwidth with other users.

I discovered this after watching one of the similar videos with instructions on where to log in, which menu to access and what setting to check. Again, the setting was ON, and I never even knew of it. Such a backdoor in plain sight...

And, being in IT myself I can tell that it all depends on implementation. If the data is important, they can record it into some storage and send later, whenever a (bluetooth/wifi) connection is available if 4g is not working.

Sponsored

 

[Tomster]

Thanks...but edumicate me...how does this disable the bluetooth radio?

I'll answer your question with a question. Doesn't any Bluetooth connection need consent before pairing?

There was debate a while back as to whether wifi was being used as an alternate data connection. I believe it was, thats why I disabled my modem. Wifi, IIRC, would grab any open Hotspot. Bluetooth doesn't work that way.

When I get back from my trip, ill have a look at the schematics. But I think it would be as simple as not sharing your Bluetooth connetion with a potential datasource if you don't want anything transmitted.

 

[dx2]

Tldr, but FYI bluetooth network is already a reality for amazon devices like Alexa etc.

I was shocked to discover my account settings (by default) allowed my alexa to share my internet bandwidth with other users.

I discovered this after watching one of the similar videos with instructions on where to log in, which menu to access and what setting to check. Again, the setting was ON, and I never even knew of it. Such a backdoor in plain sight...

And, being in IT myself I can tell that it all depends on implementation. If the data is important, they can record it into some storage and send later, whenever a (bluetooth/wifi) connection is available if 4g is not working.

Thank you for this info. This is how they manage to fail earning trust by leaning to opt-out, hello Microsoft. This service called Amazon Sidewalk seems to be only available in the US at the moment.

There is a white paper which explains how it is intended to be used and how it functions:
https://www.amazon.com/gp/help/customer/display.html?nodeId=GRGWE27XHZPRPBGX

The bandwidth sharing is quite limited:

The maximum bandwidth of a Sidewalk Bridge to the Sidewalk server is 80Kbps, which is about 1/40th of the bandwidth used to stream a typical high definition video.

The described use case for sharing bandwidth is mostly intended to extend the coverage for small devices which are otherwise cut off the net in niche locations without coverage.

In case of an outage of just one home connection where for example the modem stops working you would continue to have very limited internet connectivity if you were part of the Sidewalk network. This will not carry the traffic load in case of larger outage.

This is a good example where Amazon tries to establish mesh networking.
A mesh network will not suffice to fully replace internet connectivity.

Amazon does provide 3rd party application operators the possibility to use their Sidewalk network. This way the 3rd party can make use of the already established network with less effort to provide iot device connectivity.
This is potentially replacing other proprietary networks in the future, given the reach of Amazon.

Interestingly the concepts described are very similar to the open source LoRaWAN specification. In regard to the security concept they do the right thing, as they adapt from the specification concepts:

Information customers would deem sensitive, like the contents of a packet sent over the Sidewalk network, is not seen by Sidewalk; only the intended destinations (the endpoint and application server) possess the keys required to access this information. Sidewalk’s design also ensures that owners of Sidewalk gateways do not have access to the contents of the packet from endpoints (they do not own) that use their bandwidth. Similarly, endpoint owners do not have access to gateway information. The Sidewalk Network Server continuously “rolls”, or changes transmission IDs and Sidewalk Gateway IDs every 15 minutes to prevent tracking devices and associating a device to a specific user.

Quite simplified this is how the flow of communication looks like. End devices can communicate with each other as well but that is not part of Sidewalk:

Independently of this white paper, I say:
Generally do not trust Amazon, do not use their products, they may have interest in your money, but not your privacy or security and they want and will continuously increase your dependency on them, bit by bit.

 

[accel]

I'll answer your question with a question. Doesn't any Bluetooth connection need consent before pairing?

Your information is outdated. If you have amazon devices you already share your bandwidth, or, your data is sent over other people's devices by bluetooth.

Check a couple posts above.

On the contrary, you need to make an explicit effort to opt out. And even then who knows.

P.S. according to Rob Braxman (author of YouTube channel from above) amazon is not alone. Apple devices use bluetooth mesh as well.

So it is easy to imagine how apple czr play can take advantage of that.

 

[accel]

Cars store some events in memory that can be sent later or retrieved by a dealership.

I know that when my GT engine had bbq tick (I'm not Shelby owner) and service advisor told me that warranty work was approved, that I"m a responsible owner and my car's data did not contain engine overrev or other reckless conditions.

 

[Tomster]

Your information is outdated. If you have amazon devices you already share your bandwidth, or, your data is sent over other people's devices by bluetooth.

Check a couple posts above.

On the contrary, you need to make an explicit effort to opt out. And even then who knows.

P.S. according to Rob Braxman (author of YouTube channel from above) amazon is not alone. Apple devices use bluetooth mesh as well.

So it is easy to imagine how apple czr play can take advantage of that.

Thats quite the leap. You assume Amazon and Ford are sharing data. Let's stick to the subject matter at hand.

If you have specific proof that a bluetooth link is sharing data with Ford, then please provide the proof.

Drummerboy and I went to a lot of work documenting the process of disabling 4g and wifi. And now you are dealing with hypothetical situations.

Proof please.

 

[accel]

Thats quite the leap. You assume Amazon and Ford are sharing data. Let's stick to the subject matter at hand.

If you have specific proof that a bluetooth link is sharing data with Ford, then please provide the proof.

Drummerboy and I went to a lot of work documenting the process of disabling 4g and wifi. And now you are dealing with hypothetical situations.

Proof please.

I never mentioned they share the data. That's just you assumption.

My post was about bluetooth networking capabilities in general. And not needeing any user consent in particular.

But is easy to see how it could be used by multiple parties already.

 

[Tomster]

I never mentioned they share the data. That's just you assumption.

My post was about bluetooth networking capabilities in general. And not needeing any user consent in particular.

But is easy to see how it could be used by multiple parties already.

What does that have to do with the subject matter?

I just love people who find things to bicker and debate for the sake of it.

 

[JAJ]

Thats quite the leap. You assume Amazon and Ford are sharing data. Let's stick to the subject matter at hand.

If you have specific proof that a bluetooth link is sharing data with Ford, then please provide the proof.

Drummerboy and I went to a lot of work documenting the process of disabling 4g and wifi. And now you are dealing with hypothetical situations.

Proof please.

Read the end-user license agreement(s) for Ford Pass and Sync in your 2018 and 2020. The 2018 might not have the electronics for it, but the 2020 certainly does. Then do the same for your Amazon products if you have Alexa or anything else from them. The agreements will explain precisely how your data is shared and with whom.

 

[JAJ]

What does that have to do with the subject matter?

I just love people who find things to bicker and debate for the sake of it.

Owners may be violating their contract with Ford if they disconnect the modem.

 

[WD Pro]

Owners may be violating their contract with Ford if they disconnect the modem.

Please don’t think I’m being a dick …

What contract ?

I paid cash and bought the car outright - It’s not leased, Ford don’t own any part of it and it’s not going back to them in three years or whatever term people agree to.

Other than voiding part of my warranty, what other say do they have over what I do to it ?

WD

 

[Tomster]

I just bought a 21 loaded escape. I absolutely refused to activate Ford pass and told them specifically I didn't want it or have it activated.

I am not aware of any contract and it certainly would have been voided if there was one when I explicitly declined anything to do with Ford pass or the collection of data. They sold me the car anyway and said that Fordpass would not be activated. There is no contract. There is no obligation.

Edited to add:
I think some of you are making a lot of this stuff up. May I suggest we all stick to the subject matter pertaining to this thread or take your sidetracks over to the general forum.

Its funny how a lot of you would sell yourselves out for enough Ford points to maybe get you an oil change.

 

[JAJ]

Please don’t think I’m being a dick …

What contract ?

I paid cash and bought the car outright - Its not leased, Ford don’t own any part of it and it’s not going back to them in three years or whatever term people agree to.

Other than voiding part of my warranty, what other say do they have over what I do to it ?

WD

There are two contracts that I was referring to that might limit your freedom of action. I'm not certain on either, but there's a lot going on in the automotive data market and OEMS are under a lot of pressure to make sure consumers don't opt out.

One is the end user license agreement with Ford for Ford Pass and/or Sync. If you're using the services these features provide, you may have to release your data to them in the same way as Google gets your data when you use search.

The other is the Bill of Sale you signed when you bought the car - you gave them money and they gave you a car in exchange. Thing is, you may have also agreed to give them your data along with the money. I'm not sure on that point with Ford, but other auto OEM's are doing it.

As they say about contracts, the big print giveth and the small print taketh away...

 

[Bikeman315]

Please don’t think I’m being a dick …

What contract ?

I paid cash and bought the car outright - It’s not leased, Ford don’t own any part of it and it’s not going back to them in three years or whatever term people agree to.

Other than voiding part of my warranty, what other say do they have over what I do to it ?

WD

I believe that there is a contract. If Ford finds out that you broke it they will take away your Mustang and force you to buy a Camaro!

 

[dx2]

right now cars will continue to work no problem, new e-cars could be disabled wirelessly or not start if manipulated. that is one easy way to enforce the contract compared to litigation

Sponsored