Ford takes cyber security seriously and regularly works with security researchers, suppliers and other vehicle manufacturers to protect our customers, products and enterprise.
Ford learned from a supplier that a security researcher discovered a vulnerability in the Wi-Fi software driver supplied for use in the SYNC 3 infotainment system available on some Ford and Lincoln vehicles. Immediately, and in collaboration with them, we began developing and validating measures to address the vulnerability.
To date, we’ve seen no evidence that this vulnerability has been exploited, which would likely require significant expertise and would also include being physically near an individual vehicle that has its ignition and Wi-Fi setting on. Our investigation also found that if this vulnerability was exploited, however unlikely, it would not affect the safety of vehicle occupants, since the infotainment system is firewalled from controls like steering, throttling and braking.
Soon, Ford will issue a software patch online for download and installation via USB. In the interim, customers who are concerned about the vulnerability can simply turn off the Wi-Fi functionality through the SYNC 3 infotainment system’s Settings menu. Customers can also find out online if their vehicles are equipped with SYNC 3.
Security researchers who want to engage with and report vulnerabilities to Ford can do so here.
SOURCE: Ford
