PSA: Owners of Ford vehicles made after 2015 should check if their infotainment systems use the company's Sync 3 software and, if so, deactivate Wi-Fi. The company recently disclosed a severe vulnerability in the firmware's Wi-Fi drivers enabling remote code execution. A patch is currently in development.
Texas Instruments recently alerted Ford to a Wi-Fi driver flaw that makes the software it supplies for the automaker's Sync 3 infotainment system susceptible to hijacking. The core problem is that the TI WiLink WL18xx MCP driver allows an unlimited number of information elements (IEs) to be parsed in a management frame. Vehicle owners can check their system's version number under Settings > General > About SYNC.
This flaw potentially enables an attacker to trigger a buffer overflow, overwrite the host processor's memory, and execute code remotely. The vulnerability carries a CVSS severity ranging between 8.8 and 9.6 out of 10. It isn't clear what other devices or operating systems use the affected driver, but any that do would presumably be vulnerable.
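To make the bug class concrete, here is a bounds-checked IE parser written for this article as an added example; it is not TI's or Ford's code. The struct names, the fixed-size table and the `MAX_IES` limit are assumptions chosen for illustration, and the sample frame bodies are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_IES 4  /* assumed table capacity; a real driver's limit differs */
enum { IE_OK = 0, IE_TRUNCATED = -1, IE_TOO_MANY = -2 };

struct ie_ref { uint8_t id, len; const uint8_t *data; };   /* hypothetical */
struct ie_table { size_t count; struct ie_ref ies[MAX_IES]; };

/* Walk the information elements of a management frame body.
 * Each element is a 1-byte ID, a 1-byte length, then `length` bytes. */
int parse_ies(const uint8_t *buf, size_t buf_len, struct ie_table *out)
{
    size_t off = 0;
    out->count = 0;
    while (off < buf_len) {
        if (buf_len - off < 2)                 /* header must fit */
            return IE_TRUNCATED;
        uint8_t id = buf[off], len = buf[off + 1];
        if ((size_t)len > buf_len - off - 2)   /* body must fit */
            return IE_TRUNCATED;
        if (out->count >= MAX_IES)             /* cap the element count */
            return IE_TOO_MANY;
        out->ies[out->count++] = (struct ie_ref){ id, len, buf + off + 2 };
        off += 2 + (size_t)len;
    }
    return IE_OK;
}

int main(void)
{
    /* Constructed sample: SSID "car" followed by one 1-byte element. */
    static const uint8_t ok[] = { 0, 3, 'c', 'a', 'r', 3, 1, 6 };
    /* Constructed sample: five empty elements, one more than MAX_IES. */
    static const uint8_t flood[] = { 221,0, 221,0, 221,0, 221,0, 221,0 };
    struct ie_table t;
    int rc = parse_ies(ok, sizeof ok, &t);
    printf("ok=%d count=%zu\n", rc, t.count);
    printf("flood=%d\n", parse_ies(flood, sizeof flood, &t));
    return 0;
}
```

Without the element-count check, the write into `ies[]` would run past the end of the table as soon as a frame carried more elements than it holds, which is the kind of overflow the advisory describes.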
Ford stresses that the infotainment system is firewalled from critical functions like steering, throttling, and braking, meaning anyone who hacks it can't endanger a vehicle's occupants. Furthermore, an attacker must be within Wi-Fi range with the ignition engaged to exploit the vulnerability. So far, there's no evidence of this occurring, but users should deactivate Wi-Fi in Settings > Wi-Fi > Vehicle connectivity to be safe. The automaker plans to issue a security update soon.
Usually, Ford vehicles update their infotainment systems over Wi-Fi. However, since the problem is the Wi-Fi, the company advises users to download the patch onto a USB drive using a PC. Those affected should regularly check Ford's support website for updates.
Sync 3 is either pre-installed or available in Ford models from 2015 onward. The company's newest infotainment system is Sync 4 – available in vehicles from 2021 and later. Ford hasn't disclosed any vulnerabilities in the newer version.
The Wi-Fi vulnerability affects one of the primary pillars of Ford's recent push into high-tech cars – over-the-air updates that effectively turn the company's vehicles into connected computers. Last year, the company emphasized that its new products require tight cybersecurity, with the unfortunate side effect of blocking access to third-party tuners. Critical security incidents like this wireless vulnerability will probably become more common.
Story correction (Aug. 18): A Ford representative reached out to us for a correction. We had stated earlier that some owners using Sync 3 could upgrade to Sync 4, but that is not accurate. Sync 3 and Sync 4 are completely different systems and use different hardware, so there's no upgrade path from one software system to the other.