Security News > 2023 > August > Ford SYNC 3 infotainment vulnerable to drive-by Wi-Fi hijacking
Ford has suggested owners of vehicles equipped with its SYNC 3 infotainment system disable the Wi-Fi lest someone nearby exploits a buffer-overflow vulnerability and hijacks the equipment.
According to [PDF] Texas Instruments, maker of the vulnerable Wi-Fi chipset in Ford vehicles, the flaw merits a 9.6 on the 10-point CVSS severity scale at the worst, and an 8.8 at minimum.
Still, Ford wants affected vehicle owners to know that the issue doesn't make their cars unsafe to drive.
A Ford spokesman told The Reg that once the software update becomes available, if customers chose to connect the SYNC 3 Wi-Fi functionality to a network, they could receive this update via OTA delivery.
While waiting for the patch, Ford says concerned owners of affected vehicles can turn Wi-Fi functionality off in SYNC 3's Settings menu to avoid exploitation.
SYNC 3 shipped with at least model year 2021 and 2022 vehicles, including the Ford Escape, Explorer, Mustang, Transit, and Super Duty.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/08/14/ford_sync_vulnerability/