Ford Cars With WiFi Are Vulnerable To Pwnage

My wife and I have avoided owning any “connected” cars because of the fact that if you connect anything to the Internet, it can potentially be pwned by hackers. Fiat/Chrysler who is now known as Stellantis found that out a few years ago where some white hat hackers demonstrated that these cars can be fully taken over remotely. Which in turn led to a huge recall.

Now it seems to be Ford’s turn. Texas Instruments has identified a flaw that allows a nearby attacker via WiFi to trigger a buffer overflow using a specially crafted frame because a flaw in the driver that is used to run the WiFi subsystem. Ford uses this WiFi subsystem in their SYNC3 infotainment system which is found in the following list of vehicles at the very least:

  • Ford EcoSport (2021 – 2022)
  • Ford Escape (2021 – 2022)
  • Ford Bronco Sport (2021 – 2022)
  • Ford Explorer (2021 – 2022)
  • Ford Maverick (2022)
  • Ford Expedition (2021)
  • Ford Ranger (2022)
  • Ford Transit Connect (2021 – 2022)
  • Ford Super Duty (2021 – 2022)
  • Ford Transit (2021 – 2022)
  • Ford Mustang (2021 – 2022)
  • Ford Transit CC-CA (2022)

Ford has put out a press release that says the following:

Ford learned from a supplier that a security researcher discovered a vulnerability in the Wi-Fi software driver supplied for use in the SYNC 3 infotainment system available on some Ford and Lincoln vehicles. Immediately, and in collaboration with them, we began developing and validating measures to address the vulnerability.   

To date, we’ve seen no evidence that this vulnerability has been exploited, which would likely require significant expertise and would also include being physically near an individual vehicle that has its ignition and Wi-Fi setting on. Our investigation also found that if this vulnerability was exploited, however unlikely, it would not affect the safety of vehicle occupants, since the infotainment system is firewalled from controls like steering, throttling and braking.  

Soon, Ford will issue a software patch online for download and installation via USB. In the interim, customers who are concerned about the vulnerability can simply turn off the Wi-Fi functionality through the SYNC 3 infotainment system’s Settings menu. Customers can also find out online if their vehicles are equipped with SYNC 3. 

Needless to say, Ford owners with SYNC3 should install this patch whenever this patch appears. And for the record, I am not buying what Ford is saying here completely. I say that because the bulletin from Texas Instruments says this:

The CVSS base score for this issue can range from 8.8 to 9.6. The higher base score reflects a Confidentiality and Integrity impact of High. However, some systems can have a Confidentiality or Integrity Impact of Low depending on the characteristics of the host processor executing the WL18xx MCP driver and whether the disclosure or modification of the memory that can be accessed represents a direct or serious loss.

So, depending on how Ford uses this driver, this could be kind of an minimal to non-issue, or it could be extremely bad. I for one would like to see Ford shed more light on this as would either reassure Ford owners if it is the former, or push them to turn off WiFi until the patch comes out. The fact that Ford is suggesting (not recommending to be clear) that people who are concerned turn off the WiFi in their cars kind of suggests to me that it might be the latter. But I have zero evidence to back that up. It’s just a hunch on my part.

I for one hope Ford gets this patch out quickly. And this reinforces the fact that my wife and I when we get our next car will lean towards one that is “disconnected.”

Leave a Reply

%d bloggers like this: