Ford SYNC 3 infotainment vulnerable to drive-by Wi-Fi hijacking

2023-08-14 20:48

Ford has suggested owners of vehicles equipped with its SYNC 3 infotainment system disable the Wi-Fi lest someone nearby exploits a buffer-overflow vulnerability and hijacks the equipment.

According to [PDF] Texas Instruments, maker of the vulnerable Wi-Fi chipset in Ford vehicles, the flaw merits a 9.6 on the 10-point CVSS severity scale at the worst, and an 8.8 at minimum.

Still, Ford wants affected vehicle owners to know that the issue doesn't make their cars unsafe to drive.

A Ford spokesman told The Reg that once the software update becomes available, if customers chose to connect the SYNC 3 Wi-Fi functionality to a network, they could receive this update via OTA delivery.

While waiting for the patch, Ford says concerned owners of affected vehicles can turn Wi-Fi functionality off in SYNC 3's Settings menu to avoid exploitation.

SYNC 3 shipped with at least model year 2021 and 2022 vehicles, including the Ford Escape, Explorer, Mustang, Transit, and Super Duty.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/08/14/ford_sync_vulnerability/

#hijacking #wifi