A Ford dealer must be able to service any Ford vehicle, including replacing lost keys. The dealers have access to the central database.
Ford failed to monitor access to the database. The whole problem would have been avoided if they just emailed the service manager every time a database lookup is made. Unfortunately he is in Texas, so Ford needs to be 51% at fault for a judgement. The lawyers are playing this out in the press so Ford will pay to make it go away, even though they would likely prevail in a Texas court.
Ford needs to cut this kid a check for $500k, and implement some better auditing of access to the database.
> A Ford dealer must be able to service any Ford vehicle, including replacing lost keys.
Edit: No, you don't. The lock is just a password. You don't store unhashed passwords.
Have an override code to reset the lock code in the car. That'd stop things like this because the original keys would no-longer function and the owner would know that something was wrong. But if the owner loses her keys, then she'll have the new keys anyway and won't have to worry about the old ones being found and used against her.
The problem comes when you not only have to replace the keys (which typically sell for about $120-$240 these days) but the lock cylinders in the door(s), the glovebox, the trunk, and the steering column. The latter of which is typically held in place by a single-use bolt that has to be drilled out to remove.
The module that responds to the keyless entry signals can easily be reprogrammed, often without tools. However, sometimes they can only hold so many codes before they get "full" and have to be replaced. Honda is 10, I think. Ford is probably similar. So don't lose your keys too often.
He is using computer security as a metaphor.
Security is the same, whether it is digital or a physical lock. It is just much easier to implement these sorts of algorithms in the world of bits than it is to implement them in the world of atoms.
Ford failed to monitor access to the database. The whole problem would have been avoided if they just emailed the service manager every time a database lookup is made. Unfortunately he is in Texas, so Ford needs to be 51% at fault for a judgement. The lawyers are playing this out in the press so Ford will pay to make it go away, even though they would likely prevail in a Texas court.
Ford needs to cut this kid a check for $500k, and implement some better auditing of access to the database.