Vehicle Hacked??!!

Car configuration discussions and experience sharing
cfoster87
Posts: 4
Joined: Fri Apr 23, 2021 1:05 am
Vehicle: 2017 Ford Fusion SE 2.5

Vehicle Hacked??!!

Post by cfoster87 »

Hi everyone, I am new to FORScan and in need of some help reflashing the modules in my 2017 Ford Fusion.

As rare as it sounds, a few months ago I believe my car was hacked. It started changing gears and accelerating all by itself. The RPMs spiking, electronic stability control/power steering cutting out randomly, the heat/fan speed would turn off and even go up and down without touching the knob. The TPMS displays inaccurate readings (likely spoofed), just to name a few.
So anyways, when I took my car into the local Ford dealership they laughed and said it's not possible that a vehicle can be hacked. Of course, while the car was there it wasn’t doing any of the above things. Just to be on the safe side I told them I wanted the BCM reset back to the factory, and they told me that wasn’t possible but they could run a reprogramming on the IDS that “inhales” and “exhales” the modules. So they did that and charged me $190; before I even made it home the car was acting up. After doing some research online I learned about “as-built data” and that it is possible to put the modules back to the factory. The next day I took the car back up to the dealership and spoke with the service manager. They lied and gave me the complete runaround; he told me they never said that and that they did reprogram the modules to as-built. He said I didn’t know what I was talking about and flat out refused to reprogram the modules again. I was then told I would need to pay and get a complete inspection done. Frustrated that they already ripped me off, I stormed out of there.

So anyways, I started reading about FORScan and ordered an ELM adapter. Yesterday I went on the Motorcraft website and downloaded my as-built data. After I uploaded the file correctly, a message popped up saying the data was identical to the modules already on there. I clicked overwrite and closed out, but the car is still seemingly hacked. My car did not come with Wi-Fi/GPS and I do not have my phone paired to the Bluetooth/SYNC. I believe that the TPMS sensors in the tires are how the car is being accessed and controlled remotely via radio frequency.

I am exhausted and don’t really know what else I can do. I am willing to pay $$$ if someone here is able to help me out with this…
Ghano38
Posts: 322
Joined: Sat Dec 07, 2019 9:10 am
Vehicle: Ford c max

Re: Vehicle Hacked??!!

Post by Ghano38 »

It seems that your BCM has some issues and should be replaced. The only way to hack a car is by intercepting and copying the frequency of the key transmitter or plugging a device in the OBD slot.
cfoster87
Posts: 4
Joined: Fri Apr 23, 2021 1:05 am
Vehicle: 2017 Ford Fusion SE 2.5

Re: Vehicle Hacked??!!

Post by cfoster87 »

Ghano38 wrote:
Fri May 14, 2021 4:50 pm
It seems that your BCM has some issues and should be replaced. The only way to hack a car is by intercepting and copying the frequency of the key transmitter or plugging a device in the OBD slot.
Yes you are absolutely right. My original post was kinda long and I left out some details. I believe they used an SDR to copy the RF from my fob and then plugged into the OBD port.

So you are saying I might need to replace the BCM completely? And if so that means I would need to have it programmed right?
cfoster87
Posts: 4
Joined: Fri Apr 23, 2021 1:05 am
Vehicle: 2017 Ford Fusion SE 2.5

Re: Vehicle Hacked??!!

Post by cfoster87 »

Also, does anyone know what the person might have done after gaining access to the car? Is it possible that they installed some kind of program?
Ecmbuster
Posts: 937
Joined: Sun Mar 15, 2015 4:08 am
Vehicle: Volvo Bertone and two Motorcyles
Location: On a spinning rock

Re: Vehicle Hacked??!!

Post by Ecmbuster »

NO! The car was not hacked and especially NOT through TPMS = bull$hit and that was addressed with Jeep vehicles long ago.
NO! There is no program to inject unless it is an aftermarket tune or adaptations set up with As-Built and if it didn't fit, would certainly complain.
You need to post the data for your vehicle - complete data and all the fault codes.
Is this a North American vehicle?

Dealers are stupid and that's because of "a complete lack of understanding" and have no clue what SDR means.
The dealer should have logged the VIN to the servers to see if there are any outstanding campaigns or updates. Do that "yesterday".

To access the car, a key is required. The SDR is record and playback (depending on quality). The SDR will open and close the car.
That person would still require an authorized key and "inject" unauthorized data.
Look at your car, front to back, top to bottom for GPS locating or other interior devices.
Have your key in a "Faraday cage" at all times and ALL other keys in a metal tin for inside the living quarters.
We do that in the shop because these keys are a pain-in-the-a$$ and disturb the vehicle tests during sleep mode measurements.
Is there anything installed that is NOT factory equipment?
A new BCM needs to be programmed at the dealer or have a Ford subscription.
Open the BCM and look for water intrusion.
Any vehicle that behaves the way you described has to record faults.
What transmission is it?
If you think that while driving the vehicle you are driving is being "hacked" those hackers have to be in close proximity the entire time.
Think about that!
Post your data so the readers can see what you have.
Last edited by Ecmbuster on Sat May 15, 2021 3:37 am, edited 1 time in total.
Do not ask for help in PM. Use the forum to ask and answer questions!
hueypilot
Posts: 14
Joined: Tue Jul 23, 2019 10:06 pm
Vehicle: 2017 Ford Police 3.5L
Location: Oceanside, CA USA

Re: Vehicle Hacked??!!

Post by hueypilot »

No, your vehicle was not hacked, can't be done. Have the 12-volt battery tested. Bad batteries do bad things!
Ecmbuster
Posts: 937
Joined: Sun Mar 15, 2015 4:08 am
Vehicle: Volvo Bertone and two Motorcyles
Location: On a spinning rock

Re: Vehicle Hacked??!!

Post by Ecmbuster »

If you really want the "perfect" solution, cut the PIN 16 wire at the DLC way back to the firewall. Add in series an ON/OFF switch and stash it.
With the switch OFF, no one can access the DLC and attempt any type of programming, uploads or adaptations.

Pulled that off at the dealer one day, it was very funny.
cfoster87
Posts: 4
Joined: Fri Apr 23, 2021 1:05 am
Vehicle: 2017 Ford Fusion SE 2.5

Re: Vehicle Hacked??!!

Post by cfoster87 »

Nope, I don’t have any tunes. The car is North American (I live in Canada) and everything is completely factory. It is a 2.5 litre V6 SE model, and yes, I can post the complete data with codes; I just need to know how I can find it?

As for a GPS tracker, I’ve checked inside and out and I can’t find anything that looks like it shouldn’t be there. I do know that the car obviously has a radio transceiver; do you think that might have anything to do with it?

You're right, Faraday cages are the way to go. I bought one off Amazon; I just wish I had gotten one sooner.

I left out a lot of stuff in my original post because it’s such a long story, but one of the reasons I believe it was hacked in the first place is because in the beginning, when the car started behaving oddly, every single time I would drive by a particular house where I live a “service advance trac” warning would pop up and I would lose my power steering/electronic stability control temporarily. It would clear itself after about 30 seconds and steering would go back to normal. I could drive anywhere in town for hours/days or even go on a road trip out of town, it didn’t matter, and every single time I’d pass by this one house “service advance trac” popped up, never anywhere else. The significance of this is the person who lives at this place happens to be a legit hacker that I’ve had problems with for years. He has cloned various cell phones in the past and even hacked into my home internet router before.
Ecmbuster
Posts: 937
Joined: Sun Mar 15, 2015 4:08 am
Vehicle: Volvo Bertone and two Motorcyles
Location: On a spinning rock

Re: Vehicle Hacked??!!

Post by Ecmbuster »

You mentioned "the car started behaving oddly every single time I would drive by a particular house".
If the car exhibited any problems while driving, one or more controllers should have recorded the event.
That would be the best first step with screen images of all the faults.

Here are some interesting links:
https://windsorstar.com/news/local-news ... -dead-zone
https://www.cbc.ca/news/canada/newfound ... -1.5192844
https://www.cbc.ca/news/canada/calgary/ ... -1.4999558
tractmec
Posts: 428
Joined: Thu May 26, 2016 11:43 pm
Vehicle: F150 5.4 Triton 2005 Expy5.4 2003 Fusion 3.0 2010

Re: Vehicle Hacked??!!

Post by tractmec »

I live in Canada too and I also strongly doubt you have a hack problem!!! Someone would really have to hate you enough or be trying to extort something from you (where is the payoff in something like this?) to spend considerable time with "Dealer level equipment" in order to do a hack like this.
Not totally impossible but very improbable!

Do a FORScan connection and read using the previous profile and save a screen of the DTC screen read (use the Windows Snipping Tool in Windows Accessories to make a PNG file) (see examples below). Delete any profiles stored under the Profile tab (see example screen below) and do another connection and full read and post a screen of that too!

This has all the hallmarks of bad or intermittent power and/or ground connections, or large system voltage fluctuations, or a module or modules on the verge of failing! There should be a load of DTCs thrown around these errors, possibly voltage threshold codes!

My experience with Electronic Power Steering (EPAS) failures in this model line makes me very suspicious; especially your post about intermittent Advance Trac warnings and loss of the EPAS momentarily makes me think you are perhaps about to experience an EPAS rack failure!

Without you posting any DTCs we are only guessing!
Attachments (demo only):
ForscnProfiledemodelete.PNG
ForscnProfiledemo.PNG
ForscsnDTC.PNG