Over the years, if there’s one thing that’s become abundantly clear, it’s that there isn’t really any kind of software out there that hackers can’t exploit. It might take some time, but eventually, those resourceful folks find a way, and Ford is no stranger to these types of breaches, either. In fact, the automaker avoided a data breach back in 2021 thanks to a group of “friendly” hackers that found a weakness before their more nefarious counterparts could gain access, while yet another one pertaining to remote access to vehicles was discovered and addressed this past January. Now, Ford itself has revealed that it has discovered a vulnerability in vehicles equipped with Sync 3, too.
Ford recently learned that a security researcher – or one of these friendly hackers – discovered a vulnerability in the wi-fi software driver that a supplier provides to it for the Sync 3 infotainment system. The automaker immediately worked with the supplier of that driver to develop a way to address the vulnerability before hackers could exploit it, which to its knowledge, hasn’t happened yet. Additionally, FoMoCo notes that exploiting this particular vulnerability would require a person to be physically near a vehicle that has its ignition and wi-fi turned on.
During the course of its investigation, Ford learned that if someone did manage to exploit this vulnerability in Sync 3 – which is unlikely – it would not affect the safety of those inside of the vehicle, as the infotainment system contains a firewall that prevents hackers from gaining access to things like the throttle, steering, and braking.
In any event, Ford is working on a software patch that will soon be available to download and install via a USB port. In the meantime, Ford is instructing customers who are concerned about this vulnerability to turn off their vehicle’s wi-fi functionality via the settings menu, which will prevent anyone from gaining access until the patch is finished.