Yesterday I posted news about how security researchers have managed to compromise a Tesla, allowing them to enable previously locked features.

Today, I write about a vulnerability which has been discovered in the Wi-Fi software driver which provides the Ford SYNC3 infotainment system with communications capabilities.

SYNC3

For those who don’t drive a Ford (or a Lincoln for that matter), SYNC3 is the system which the Ford Motor Company installs in many vehicles to provide the occupants with features such as Sat-Nav, Apple iPlay, Android Auto, voice commands, and much more.

Ford SYNC3 infotainment system

The system is found in vehicles such as the Fiesta, Puma, Tourneo, Kuga, Mustang, S-Max, Galaxy, and Transit ranges.

When paired with the FordPass app, the system allows for remote engine start, stop and unlock abilities from a smartphone.

Buffer overflow

Security researchers at Texas Instruments have identified a vulnerability in the software driver which allows the SYNC3 to access Wi-Fi networking: the driver does not limit the number of elements a data frame can contain.

This means that if a nearby attacker sends the system a specially crafted data frame, it can cause a memory buffer overflow which can lead to the execution of arbitrary code.

The code could wipe the system completely, rendering it useless.

Fix incoming

At the time of writing, Ford have not yet issued a fix for the issue, but one is expected soon. In the meantime, Ford are advising worried customers to temporarily disable the Wi-Fi option in the SYNC3 settings.