{"id":22716,"date":"2023-08-15T16:10:31","date_gmt":"2023-08-16T00:10:31","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2023\/08\/15\/news-16446\/"},"modified":"2023-08-15T16:10:31","modified_gmt":"2023-08-16T00:10:31","slug":"news-16446","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2023\/08\/15\/news-16446\/","title":{"rendered":"Ford says it\u2019s safe to drive its cars with a WiFi vulnerability"},"content":{"rendered":"<p>Ford has <a href=\"https:\/\/media.ford.com\/content\/fordmedia\/fna\/us\/en\/news\/2023\/08\/10\/ford_provides-customer-guidance-in-response-to-supplier-disclosu.html\" target=\"_blank\" rel=\"nofollow\">released<\/a> information about a buffer overflow vulnerability in its SYNC 3 infotainment system.<\/p>\n<p>Ford learned from a supplier that a security researcher had discovered a vulnerability in the Wi-Fi software driver supplied for use in the SYNC 3 infotainment system available on some Ford and Lincoln vehicles. The company said it started an investigation and&nbsp;subsequently decided that the vulnerability does not affect vehicle driving safety.<\/p>\n<p>Ford&#8217;s SYNC 3 system exists in Ford models from 2015 onward. Other than recent vehicles that&nbsp;have the newest version, most Ford vehicles have SYNC&nbsp;3. 
If you have a Ford Owner account, you can go to the <a href=\"https:\/\/www.ford.com\/support\/vehicle-dashboard\" target=\"_blank\" rel=\"nofollow\">Vehicle Dashboard<\/a> to see&nbsp;what version of SYNC your car has.<\/p>\n<p>Lincoln drivers can check their version on the <a href=\"https:\/\/www.lincoln.com\/support\/\" target=\"_blank\" rel=\"nofollow\">Lincoln Support site<\/a> (you will need to enter your VIN number).<\/p>\n<p>The SYNC 3 vulnerability is&nbsp;<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-29468\" target=\"_blank\" rel=\"nofollow\">CVE-2023-29468<\/a>: a <a href=\"https:\/\/www.ti.com\/lit\/er\/swra773\/swra773.pdf?ts=1691958694520\" target=\"_blank\" rel=\"nofollow\">vulnerability in the TI WiLink WL18xx MCP driver<\/a>. An attacker within wireless range of a potentially vulnerable device can gain the ability to overwrite memory of the host processor executing the MCP driver. Exploiting this vulnerability involves a malicious actor crafting a specific frame to trigger a buffer overflow, potentially leading to remote code execution (RCE).<\/p>\n<p>A buffer overflow is a type of software vulnerability that exists when data written to an area of memory within a software application exceeds its address boundary and spills into an adjacent memory region.<\/p>\n<p>Ford&rsquo;s assessment of the vulnerability is that it is highly unlikely to be exploited, since it requires a highly skilled attacker within close proximity of the target vehicle,&nbsp;and the vehicle needs to have the engine running and WiFi support enabled. 
Ford said it isn&#8217;t aware of any instances of exploitation.<\/p>\n<p>And even if an attacker were to gain RCE on the SYNC 3 system using this vulnerability, the potential damage would be limited, since the system is isolated from critical control functions like steering, throttling, and braking.<\/p>\n<p>Ford says that if drivers are worried, they can disable the WiFi support in the SYNC 3 infotainment system in the Settings menu, which will stop an attacker from being able to exploit the vulnerability.<\/p>\n<p>Ford is still working on a patch, which is expected in the coming weeks and will come with instructions on how to install it manually using a USB flash drive.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/08\/ford-says-it-is-safe-to-drive-the-cars-with-a-wifi-vulnerability\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<table cellpadding=\"10\">\n<tr>\n<td valign=\"top\" align=\"left\">\n<p>Categories: <a href=\"https:\/\/www.malwarebytes.com\/blog\/category\/exploits-and-vulnerabilities\" rel=\"category tag\">Exploits and vulnerabilities<\/a><\/p>\n<p>Categories: <a href=\"https:\/\/www.malwarebytes.com\/blog\/category\/news\" rel=\"category tag\">News<\/a><\/p>\n<p>Tags: Ford<\/p>\n<p>Tags:  Lincoln<\/p>\n<p>Tags:  SYNC 3<\/p>\n<p>Tags:  CVE-2023-29468<\/p>\n<p>Tags:  TI WLink<\/p>\n<p>Tags:  MCP driver<\/p>\n<p>A vulnerability in the SYNC 3 infotainment will not have a negative effect on driving safety, says Ford.<\/p>\n<table width=\"100%\">\n<tr>\n<td align=\"right\">\n<p><b>(<a 
href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/08\/ford-says-it-is-safe-to-drive-the-cars-with-a-wifi-vulnerability\" title=\"Ford says it\u2019s safe to drive its cars with a WiFi vulnerability\">Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/08\/ford-says-it-is-safe-to-drive-the-cars-with-a-wifi-vulnerability\">Ford says it\u2019s safe to drive its cars with a WiFi vulnerability<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[29971,22783,24142,29969,29973,32,29970,29972],"class_list":["post-22716","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-cve-2023-29468","tag-exploits-and-vulnerabilities","tag-ford","tag-lincoln","tag-mcp-driver","tag-news","tag-sync-3","tag-ti-wlink"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/22716","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=22716"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/22716\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=22716"}],
"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=22716"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=22716"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}