Factory Tracking Devices in Mavericks

[whitef]

My Mav is a 22. That device behind the seat is an amp for the sound system (such as it is).

In the owners manual (for a 22), page 297. Body Control Module Fuse Panel location 11 is Telematics Control Module.

{edit for clarity] On a 22 the module is located straight behind the climate controls buried in the dash.

The fuses are under a panel under the glovebox.

Sponsored

 

[Skyline]

@whitef ...

The unit behind the backseat does have an IMEI number for the SIM-card, like the the one below from the 2022 Maverick:

In the 2023 Maverick, there's no IEMI number for the SIM-card on the box, but pretty certain that there's one in the box, or somewhere else. Unless the Telemetric Control Module has it's own SIM-card, this is where the data goes out on the wireless network.

Based on the fact that you can view the location for the Maverick with the FordPass app, The chances are that the Maverick has a GPS module somewhere. Yes, cell towers can be utilized for triangulate the location of the vehicle, but GPS is more accurate.

In addition, the Maverick does have a Wi-Fi router, that can be used by the passengers for Internet access. It relies on the SIM-card to access the Internet; for the first three month, this is a free service. On the other hand, the Wi-Fi access point can be utilized for detecting other Wi-Fi access point in the area to narrow down the location. Yes, there's a Wi-Fi access point database (thanks Google) with GPS coordinates, most cell phones do use this database for verifying the correct direction.

As long as the SIM-card is active, it is conceivable that some of the data still will make its way to Ford, one way or another.

With that stated, I'll pull the referenced fuse #11 tomorrow. Presumably, this will not cause any issues since no other module relies this to be active. If it does, resetting the fuse does not look that hard....

 

[whitef]

@whitef ...

The unit behind the backseat does have an IMEI number for the SIM-card, like the the one below from the 2022 Maverick:

In the 2023 Maverick, there's no IEMI number for the SIM-card on the box, but pretty certain that there's one in the box, or somewhere else. Unless the Telemetric Control Module has it's own SIM-card, this is where the data goes out on the wireless network.

Based on the fact that you can view the location for the Maverick with the FordPass app, The chances are that the Maverick has a GPS module somewhere. Yes, cell towers can be utilized for triangulate the location of the vehicle, but GPS is more accurate.

In addition, the Maverick does have a Wi-Fi router, that can be used by the passengers for Internet access. It relies on the SIM-card to access the Internet; for the first three month, this is a free service. On the other hand, the Wi-Fi access point can be utilized for detecting other Wi-Fi access point in the area to narrow down the location. Yes, there's a Wi-Fi access point database (thanks Google) with GPS coordinates, most cell phones do use this database for verifying the correct direction.

As long as the SIM-card is active, it is conceivable that some of the data still will make its way to Ford, one way or another.

With that stated, I'll pull the referenced fuse #11 tomorrow. Presumably, this will not cause any issues since no other module relies this to be active. If it does, resetting the fuse does not look that hard....

Hmmmmmm. I do not have a TCU behind the seat. The part number decodes to a TCU and cross references to a bunch of Ford models.

Here's what mine looks like behind the seat.

I can also verify that 1) The data at Ford stopped when I pulled. the fuse (confirmed by dealer), and 2) the car no longer can set the clock off GPS automatically.

 

[NoVaJimmy]

I've done quite a lot of work on this in my security research role and have issued the following guidance for our fleet of corporate owned Ford vehicles.

• Ford engages in invasive tracking of customer vehicles via the on-board telematics and via the "FordPass" mobile applications.
• Ford's Terms of Service and Privacy policy are end-user hostile and unacceptable..
• Do not accept the Terms of Service or Privacy Policy presented by Ford Motor Company.
• Do not install any Ford sourced mobile applications on company owned devices. We strongly discourage the use of Ford mobile applications on personal devices.

My testing showed that disabling the "convenience" features in the car menu DID NOT stop the cellular radio from being active. I believe that Ford still tracks the vehicle but does not make the data visible to the end user or the dealerships.

On a Maverick, you can pull fuse 11 from the fuse panel under the glovebox. This powers off the 'telematics control module' and stops the tracking. Additionally, if you have the dash apart you can unplug the TCM completely, It is a free standing module with no co-dependencies. Somewhere in Ford land, there is a group of engineers that understand the pure evil of this these tracking / monetization policies and intentionally made it easy to disable the TCM. Kudos to them for doing the right thing.

Undoing that will cause. you to not be able to start your car with your phone, see your tire pressures and a handful of other useless 'features' that Ford offers as compensation for monetizing your life. You dealer won't receive your mileage to bug you about the oil changes that you've already done.

A few other notes.

• If you're interested in what some of the dealer sees from the TCU, you can go to motorcraftservice.com and purchase a 72 hour subscription to the tech info (super useful if you need wiring diagrams, etc). From there you can view non-sensitive telematic data. No location or anything. FoMoCo keeps the juicy stuff for themselves and the 'marketing partners.'
• Many of you will come back with the argument of "I have nothing to hide,' or 'you're carrying a phone that tracks you anyway.' Both of these responses make you sound foolish. Here's where we're headed, largely based on every auto maker's own forward looking statements to investors:
  • First, how about behavior tracking / curation based on location. Are you ready to have a pop up on your car screen that says "Hello Mr. Smith. We've noticed that you visit the liquor store regularly and have notified your health insurer.?" How about "Mr Smith, you seem to be at the adult theater, we've notified your wife's council?"
  • Then, driving habits. Ford's current software has a soon to be enabled feature that can send your driving behavior straight to your insurance company. Brake late...miss a stop sign, go to fast when passing? That now costs money.
  • As for your mobile computer that happens to occasionally make / receive calls, you are probably correct. It's probably doing quite a lot of tracking. All of this tracking, apart from cell tower triangulation, is completely avoidable by the owner of the device. Or put another way, entered into voluntarily and consented to by you. It doesn't have to be this way.

Sorry for the long post, but I hate to see everyone just give in to invasive tracking. It's going to end badly, and is preventable.

Too bad most of the apps on your cell phone are already collecting and selling data in order to sell to insurance companies among other industries. Unless you have a Nokia phone from 2001 or have read the terms of service for every app installed on your smart phone then that's a moot point.

 

[2022EOW]

The Maverick being the first new truck I have purchased since 2004, the question occurred to me, this being 2023, does Ford install trackers in it's vehicles?

You planning a robbery?

 

[2022EOW]

We’ve been tracked for decades, nothing new. Horses even left shit and tracks.

 

[Zotman]

Ja, you VILL comply...

 

[Axlesup]

The Maverick being the first new truck I have purchased since 2004, the question occurred to me, this being 2023, does Ford install trackers in it's vehicles?

If you open up your Ford pass app it will show you the address your truck is at. My mom's car got stolen Monday and now I'm so glad I have the ability to locate my truck.

 

[Skyline]

Hmmmmmm. I do not have a TCU behind the seat. The part number decodes to a TCU and cross references to a bunch of Ford models.

Here's what mine looks like behind the seat.

I can also verify that 1) The data at Ford stopped when I pulled. the fuse (confirmed by dealer), and 2) the car no longer can set the clock off GPS automatically.

I guess Ford changed the location of the TCU at sometimes, after you've got your Mav...

I was wrong about WiFi router, actually it is a hot-spot that can be configured by the owner; there's no other configuration is accessible. As such, TCU, GPS and other control units access to the SIM/Internet is not possible, other than unplugging TCU.

The FordPass smartphone access to the Internet gives an indication as to where The TCU and other control units may connect to. In my short monitoring of this app's access to the Internet, this is what I found:

Ford domains:
uemm-dynatrace.app.ford.com
www-payments.prod.cf.app.ford.com
www.payments.ford.com
www.subscriptions.ford.com
www.fordpass.com
usapi.cv.ford.com
uemm-dynatrace.app.ford.com
api.mps.ford.com
api-pd01e-gcp.prod.cf.app.ford.com
api.pd01e.gcp.ford.com
permissions.ford.com

Microsoft domains:
api1e0b643879564eb99737d80032739043u4abslodac8xgr3wvb9qd.eastus.cloudapp.azure.com
in2-gw2-01-ce7dd027.eastus2.cloudapp.azure.com
in.appcenter.ms

HERE Global B.V. Eindhoven, NL (Amazon AWS servers)
account.api.here.com.a693.p01.hereglb.com

In addition, the in app messaging relies on Facebook chat, that I didn't open. Next to Ford; Amazon, Facebook, HERE and Microsoft has access to the collected data.

Closing the FordPass app on the smartphone stops its connectivity to the Internet, presumably data collection as well. At least on the smartphone...

There's no reason why the TCU would not continue collect/upload data in real time, especially when the vehicle is moving, to the same domains listed above. I have no tools for analyzing the TCU connection to the Internet.

It seems to me, that disconnecting the TCU behind the rear seat, SIM-card loosing power, is the only option to stop transferring data to these domains. At this point, I don't know if doing so would impact the engine controls, or any other additional "features" that came with the Maverick. Leaving it on and using the privacy settings to limit data collection may just disable FordPass app and the dealer's access to the data, but Ford and other cloud services access may not be impacted.

 

[Tiger Dude]

I want the little flags that popped up for turn signals

 

[Fattdogs]

Did you see that Ford just recently put in a patent application for the tech to be able to remotely repossess vehicles? Both via "annoying" the customer who fell behind on payments (have the radio scream at full volume a siren noise whenever powered on, disable all heat and cooling features, etc....), as well as having the vehicle literally self-drive itself to a slightly different location so a tow truck can get to it more easily for a tow.

Can confirm, fuse 11 does the trick. It doesn't throw any errors... Lets just say my insurance company thinks my mav's been parked untouched for a few weeks now...

 

[whitef]

I guess Ford changed the location of the TCU at sometimes, after you've got your Mav...

I was wrong about WiFi router, actually it is a hot-spot that can be configured by the owner; there's no other configuration is accessible. As such, TCU, GPS and other control units access to the SIM/Internet is not possible, other than unplugging TCU.

The FordPass smartphone access to the Internet gives an indication as to where The TCU and other control units may connect to. In my short monitoring of this app's access to the Internet, this is what I found:

Ford domains:
uemm-dynatrace.app.ford.com
www-payments.prod.cf.app.ford.com
www.payments.ford.com
www.subscriptions.ford.com
www.fordpass.com
usapi.cv.ford.com
uemm-dynatrace.app.ford.com
api.mps.ford.com
api-pd01e-gcp.prod.cf.app.ford.com
api.pd01e.gcp.ford.com
permissions.ford.com

Microsoft domains:
api1e0b643879564eb99737d80032739043u4abslodac8xgr3wvb9qd.eastus.cloudapp.azure.com
in2-gw2-01-ce7dd027.eastus2.cloudapp.azure.com
in.appcenter.ms

HERE Global B.V. Eindhoven, NL (Amazon AWS servers)
account.api.here.com.a693.p01.hereglb.com

In addition, the in app messaging relies on Facebook chat, that I didn't open. Next to Ford; Amazon, Facebook, HERE and Microsoft has access to the collected data.

Closing the FordPass app on the smartphone stops its connectivity to the Internet, presumably data collection as well. At least on the smartphone...

There's no reason why the TCU would not continue collect/upload data in real time, especially when the vehicle is moving, to the same domains listed above. I have no tools for analyzing the TCU connection to the Internet.

It seems to me, that disconnecting the TCU behind the rear seat, SIM-card loosing power, is the only option to stop transferring data to these domains. At this point, I don't know if doing so would impact the engine controls, or any other additional "features" that came with the Maverick. Leaving it on and using the privacy settings to limit data collection may just disable FordPass app and the dealer's access to the data, but Ford and other cloud services access may not be impacted.

First, this is great work and thanks for posting it. It's very helpful to have a list of tracking URLs from the mobile apps.

Did you test on iOS, Android or both?

I had previously confirmed that the TCU operates independently of the mobile apps. Since I pulled fuse 11, my car stopped sending data to Ford. If I look at it in 'motorcraftservice.com' it shows the mileage and date when I pulled the fuse and just indicates the data is stale. The car was at the dealer for a minor warranty issue, and they have the same info. No alarm or concern from the dealer.

It would be interesting to see if the vehicle updates with the TCU powered off, but with a Fordpass enabled smart device connected via BT or USB. Not interesting enough for me to put Fordpass back on a device. Perhaps someone has tested such a config.

My TCU has been powered off for about six months and over 25k miles. No adverse effects.

Thanks again for the URL data.

 

[whitef]

Can confirm, fuse 11 does the trick. It doesn't throw any errors... Lets just say my insurance company thinks my mav's been parked untouched for a few weeks now...

Mine has been unplugged for about six months and over 25k. No issues.

 

[Skyline]

Did you test on iOS, Android or both?

I did not want an Adroid smartphone, tested on iOS. If you have an Android smart device, you can test FordPass app via the NextDNS app:

https://my.nextdns.io/99cb16/setup

NextDNS is available for pretty much every platforms.

I'd recommend to register and account for free and install the app for Android:

https://play.google.com/store/apps/details?id=io.nextdns.NextDNS

With the NexDNS app, you'll need to change the Andoid/iOS DNS configuration,where; this where the DNS queries are logged. You can access these logs over the web with your account. The log looks like this, just partial capture:

It's a rudimentary tracking of the internet connection, but it does what I need it for. You mileage may vary...

There were 4-5 actual ad companies URLs that had been blocked, not shown, based on various black lists. In addition, you can add any URL(s) that you'd like to block. I do block a number of Apple domains, but they are still the majority of my Internet connection:

Despite the fact that on my iPhone most of the features, like storing anything in iCloud, had been disabled. Oops, I am going sideways, sorry...

Thanks @Fattdogs for confirming the fuse # on a 2023 Mav, I'll check mine as soon as the weather gets warmer....

 

[surfstar]

I've done quite a lot of work on this in my security research role and have issued the following guidance for our fleet of corporate owned Ford vehicles.

• Ford engages in invasive tracking of customer vehicles via the on-board telematics and via the "FordPass" mobile applications.
• Ford's Terms of Service and Privacy policy are end-user hostile and unacceptable..
• Do not accept the Terms of Service or Privacy Policy presented by Ford Motor Company.
• Do not install any Ford sourced mobile applications on company owned devices. We strongly discourage the use of Ford mobile applications on personal devices.

My testing showed that disabling the "convenience" features in the car menu DID NOT stop the cellular radio from being active. I believe that Ford still tracks the vehicle but does not make the data visible to the end user or the dealerships.

On a Maverick, you can pull fuse 11 from the fuse panel under the glovebox. This powers off the 'telematics control module' and stops the tracking. Additionally, if you have the dash apart you can unplug the TCM completely, It is a free standing module with no co-dependencies. Somewhere in Ford land, there is a group of engineers that understand the pure evil of this these tracking / monetization policies and intentionally made it easy to disable the TCM. Kudos to them for doing the right thing.

Undoing that will cause. you to not be able to start your car with your phone, see your tire pressures and a handful of other useless 'features' that Ford offers as compensation for monetizing your life. You dealer won't receive your mileage to bug you about the oil changes that you've already done.

A few other notes.

• If you're interested in what some of the dealer sees from the TCU, you can go to motorcraftservice.com and purchase a 72 hour subscription to the tech info (super useful if you need wiring diagrams, etc). From there you can view non-sensitive telematic data. No location or anything. FoMoCo keeps the juicy stuff for themselves and the 'marketing partners.'
• Many of you will come back with the argument of "I have nothing to hide,' or 'you're carrying a phone that tracks you anyway.' Both of these responses make you sound foolish. Here's where we're headed, largely based on every auto maker's own forward looking statements to investors:
  • First, how about behavior tracking / curation based on location. Are you ready to have a pop up on your car screen that says "Hello Mr. Smith. We've noticed that you visit the liquor store regularly and have notified your health insurer.?" How about "Mr Smith, you seem to be at the adult theater, we've notified your wife's council?"
  • Then, driving habits. Ford's current software has a soon to be enabled feature that can send your driving behavior straight to your insurance company. Brake late...miss a stop sign, go to fast when passing? That now costs money.
  • As for your mobile computer that happens to occasionally make / receive calls, you are probably correct. It's probably doing quite a lot of tracking. All of this tracking, apart from cell tower triangulation, is completely avoidable by the owner of the device. Or put another way, entered into voluntarily and consented to by you. It doesn't have to be this way.

Sorry for the long post, but I hate to see everyone just give in to invasive tracking. It's going to end badly, and is preventable.

I hope you smashed your computer after typing this (after removing hard drive) and tossed your burner cell phone and relocated to a new safe house.

Sponsored