Ford says cybersecurity researcher discovered a SYNC 3 vulnerability
11 August 2023
Ford regularly works with security researchers, suppliers and other vehicle manufacturers to protect customers, products and enterprise. Ford learned from a supplier that a security researcher discovered a vulnerability in the Wi-Fi software driver supplied for use in the SYNC 3 infotainment system available on some Ford and Lincoln vehicles.
Ford said that immediately, and in collaboration with them, it began developing and validating measures to address the vulnerability.
Ford said that to date, it has seen no evidence that this vulnerability has been exploited, which would likely require significant expertise and would also include being physically near an individual vehicle that has its ignition and Wi-Fi setting on.
Ford’s investigation also found that if this vulnerability was exploited, however unlikely, it would not affect the safety of vehicle occupants, since the infotainment system is firewalled from controls such as steering, throttling and braking.
Ford will issue a software patch online for download and installation via USB. In the interim, customers who are concerned about the vulnerability can simply turn off the Wi-Fi functionality through the SYNC 3 infotainment system’s Settings menu. Customers can also find out online if their vehicles are equipped with SYNC 3.
Security researchers who want to engage with and report vulnerabilities to Ford can do so here.
Comments