Ford has warned of a buffer overflow vulnerability in its SYNC3 infotainment system, which is used in numerous Ford vehicles. The flaw could potentially permit remote code execution. However, Ford says the issue does not compromise the safety of vehicle operation.
SYNC3 is a modern infotainment system that supports in-car WiFi hotspots, mobile device integration, voice-activated controls, third-party apps, and a range of other features.
This system is used in the following car models:
• Ford EcoSport (2021 – 2022)
• Ford Escape (2021 – 2022)
• Ford Bronco Sport (2021 – 2022)
• Ford Explorer (2021 – 2022)
• Ford Maverick (2022)
• Ford Expedition (2021)
• Ford Ranger (2022)
• Ford Transit Connect (2021 – 2022)
• Ford Super Duty (2021 – 2022)
• Ford Transit (2021 – 2022)
• Ford Mustang (2021 – 2022)
• Ford Transit CC-CA (2022)
The vulnerability, tracked as CVE-2023-29468, resides in the WL18xx MCP driver of the WiFi subsystem integrated into the vehicle's infotainment system. It allows an attacker within WiFi range to trigger a buffer overflow with a specially crafted frame.
As detailed in the security bulletin from the system vendor, "An attacker within wireless range of a potentially vulnerable device can gain the ability to overwrite memory of the host processor executing the MCP driver."
After the supplier notified it of this WiFi-related vulnerability, Ford moved quickly to verify its existence, assess its potential impact, and develop mitigations.
Ford's official statement, available on the company's media platform, says that a software patch will be released soon. Customers will be able to download the patch onto a USB drive and then install it in their vehicles.
The statement from Ford reads, "Soon, Ford will issue a software patch online for download and installation via USB."
In the interim, Ford has suggested that customers worried about the vulnerability can turn off the WiFi functionality via the Settings menu of the SYNC 3 infotainment system.
The automaker has also said that the vulnerability is not easily exploitable and that, even in the improbable event of an exploit, the safety of the targeted vehicles would not be compromised.
Ford elaborates, "To date, we've seen no evidence that this vulnerability has been exploited, which would likely require significant expertise and would also include being physically near an individual vehicle that has its ignition and WiFi setting on."
Further analysis conducted by our investigation has determined that even in the remote event of this vulnerability being exploited, it would have no impact on the safety of individuals within the vehicle. This is due to the fact that the infotainment system is isolated through firewalls from critical functions such as steering, throttle, and braking.
The company is encouraging researchers who have found vulnerabilities in its vehicles to submit their reports directly through its HackerOne program. Almost 2,500 bugs have been resolved on this platform to date.

