Ford Motor Co. in Dearborn is working with security researchers, suppliers, and other vehicle manufacturers to protect its customers, products, and enterprise against a Wi-Fi software vulnerability discovered by a supplier.
A security researcher recently discovered a vulnerability in the Wi-Fi software driver supplied for use in the SYNC 3 infotainment system available on some Ford and Lincoln vehicles.
The company immediately, and in collaboration with the supplier, began developing and validating measures to address the vulnerability.
To date, Ford officials have seen no evidence the vulnerability has been exploited, which would likely require significant expertise, and also would include being physically near an individual vehicle that has its ignition and Wi-Fi setting on.
The company’s investigation also found that if the vulnerability was exploited, however unlikely, it would not affect the safety of vehicle occupants, since the infotainment system is firewalled from controls like steering, throttling, and braking.
Soon, Ford will issue a software patch online for download and installation via USB. In the interim, customers who are concerned about the vulnerability can simply turn off the Wi-Fi functionality through the SYNC 3 infotainment system’s settings menu. Customers also can find out online if their vehicles are equipped with SYNC 3.
Security researchers who want to engage with and report vulnerabilities to Ford can do so here.
