Security News > 2023 > August > Ford says cars with WiFi vulnerability still safe to drive
Ford is warning of a buffer overflow vulnerability in its SYNC3 infotainment system used in many Ford and Lincoln vehicles, which could allow remote code execution, but says that vehicle driving safety isn't impacted.
The vulnerability is tracked as CVE-2023-29468 and is in the WL18xx MCP driver for the WiFi subsystem incorporated in the car's infotainment system, which allows an attacker in WiFi range to trigger buffer overflow using a specially crafted frame.
Ford was informed by the supplier about the discovery of the WiFi flaw and took immediate action to validate it, estimate the impact, and develop mitigation measures.
"Soon, Ford will issue a software patch online for download and installation via USB," reads Ford's announcement.
"In the interim, customers who are concerned about the vulnerability can simply turn off the WiFi functionality through the SYNC 3 infotainment system's Settings menu."
"To date, we've seen no evidence that this vulnerability has been exploited, which would likely require significant expertise and would also include being physically near an individual vehicle that has its ignition and WiFi setting on," explains Ford.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-14 | CVE-2023-29468 | Classic Buffer Overflow vulnerability in TI Wilink8-Wifi-Mcp8 8.5 The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. | 9.8 |