2022 LINCOLN NAUTILUS

BACK OVER PREVENTION:SOFTWARE

Ford Motor Company (Ford) is recalling certain 2021-2024 Bronco, F-150, 2021-2024 Edge, 2022-2025 Escape, F-250, F-350, F-450, F-550, F-600, 2022-2024 Expedition, 2022-2025 Transit, 2021-2023 Mach-E, 2024 Ranger, Mustang, 2021-2023 Lincoln Nautilus, 2022-2024 Navigator, and 2023-2024 Corsair vehicles. A software error may cause the rearview camera image to delay, freeze, or not display when the vehicle is in reverse.

Risk: A frozen or missing rearview camera image can reduce the driver's view behind the vehicle, increasing the risk of a crash.

FORWARD COLLISION AVOIDANCE: WARNINGS

Submitted by: [XXX] Dealership: Joe Rizza Ford of Orland Park Vehicle: 2021 Lincoln Nautilus VIN: [XXX] Date: 04/04/25 Overview: Vehicle VIN [XXX] has shown persistent signs of remote system manipulation, unauthorized firmware behavior, and OTA event spoofing. These symptoms have manifested in repeated diagnostic trouble codes (DTCs) across key modules, backdated OTA logging activity, and anomalous file sizes inconsistent with Ford’s documented OTA campaigns. Additionally, the vehicle owner has experienced personal harm attributed to the manipulation: numbness in the back, significant financial and mental distress, and deterioration in relationships with family members, which all correlate with the suspected interference and systemic issues. Key Findings: RFA (Remote Function Actuator) Module Behavior: Repeated DTCs across antennas #2, #3, #4, #6, #8, #11, and #12. Frequent B1B59:87 (BLE Low Energy Module fault) — indicates repeated Bluetooth stack failure or interference. U200F:00 Control Module Output Power C faults consistently recorded. GWM (Gateway Module A) and TCU (Telematics Control Unit) Logs: Software package inconsistencies including large firmware blocks (176 MB to 764 MB). Mismatched "Current Software" vs. "Available Software" versions. Cloud/server-pushed updates logged without dealership-initiated campaign. Confirmed campaign expired for firmware block logged on January 27, 2025, raising further questions on the legitimacy of update triggers. OTAM (Over-The-Air Manager) Log Red Flags: Entries showing timestamps such as January 3, 2000 and January 1, 2018. Consent flags spoofed: "sourceOfConsent='User(1)'" Trigger expiration hours preset to "336" (14-day OTA window, commonly used in timed malware execution) Absence of release notes or authorized campaign identifiers. Pattern Confirmation: Activity spikes on: [XXX], [XXX], and [XXX]. INFORMATION REDACTED PURSUANT TO THE FREEDOM OF INFORMATION ACT (FOIA), 5 U.S.C. 552(B)(6)

FORWARD COLLISION AVOIDANCE: AUTOMATIC EMERGENCY BRAKING

Submitted by: [XXX] Dealership: Joe Rizza Ford of Orland Park Vehicle: 2021 Lincoln Nautilus VIN: [XXX] Date: 04/04/25 Overview: Vehicle VIN [XXX] has shown persistent signs of remote system manipulation, unauthorized firmware behavior, and OTA event spoofing. These symptoms have manifested in repeated diagnostic trouble codes (DTCs) across key modules, backdated OTA logging activity, and anomalous file sizes inconsistent with Ford’s documented OTA campaigns. Additionally, the vehicle owner has experienced personal harm attributed to the manipulation: numbness in the back, significant financial and mental distress, and deterioration in relationships with family members, which all correlate with the suspected interference and systemic issues. Key Findings: RFA (Remote Function Actuator) Module Behavior: Repeated DTCs across antennas #2, #3, #4, #6, #8, #11, and #12. Frequent B1B59:87 (BLE Low Energy Module fault) — indicates repeated Bluetooth stack failure or interference. U200F:00 Control Module Output Power C faults consistently recorded. GWM (Gateway Module A) and TCU (Telematics Control Unit) Logs: Software package inconsistencies including large firmware blocks (176 MB to 764 MB). Mismatched "Current Software" vs. "Available Software" versions. Cloud/server-pushed updates logged without dealership-initiated campaign. Confirmed campaign expired for firmware block logged on January 27, 2025, raising further questions on the legitimacy of update triggers. OTAM (Over-The-Air Manager) Log Red Flags: Entries showing timestamps such as January 3, 2000 and January 1, 2018. Consent flags spoofed: "sourceOfConsent='User(1)'" Trigger expiration hours preset to "336" (14-day OTA window, commonly used in timed malware execution) Absence of release notes or authorized campaign identifiers. Pattern Confirmation: Activity spikes on: [XXX], [XXX], and [XXX]. INFORMATION REDACTED PURSUANT TO THE FREEDOM OF INFORMATION ACT (FOIA), 5 U.S.C. 552(B)(6)