Torrent Invites! Buy, Trade, Sell Or Find Free Invites, For EVERY Private Tracker!, BTN, PTP, MTV, Empornium, Orpheus, Bibliotik, RED, IPT, TL, PHD etc!

Results 1 to 2 of 2
  1. #1
    EyeS Of TiGeRs
    kirill's Avatar
    Reputation Points
    Reputation Power
    Join Date
    Aug 2017
    Time Online
    563 d 3 h 53 m
    Avg. Time Online
    5 h 52 m
    4439 Post(s)
    882 Post(s)
    12928 times
    879 (100%)

    Ford says cars with WiFi vulnerability still safe to drive

    Ford is warning of a buffer overflow vulnerability in its SYNC3 infotainment system used in many Ford and Lincoln vehicles, which could allow remote code execution, but says that vehicle driving safety isn't impacted.

    SYNC3 is a modern infotainment system that supports in-vehicle WiFi hotspots, phone connectivity, voice commands, third-party applications, and more.

    The particular system is used in the following car models:

    • Ford EcoSport (2021 2022)
    • Ford Escape (2021 2022)
    • Ford Bronco Sport (2021 2022)
    • Ford Explorer (2021 2022)
    • Ford Maverick (2022)
    • Ford Expedition (2021)
    • Ford Ranger (2022)
    • Ford Transit Connect (2021 2022)
    • Ford Super Duty (2021 2022)
    • Ford Transit (2021 2022)
    • Ford Mustang (2021 2022)
    • Ford Transit CC-CA (2022)

    Nearby attackers

    The vulnerability is tracked as CVE-2023-29468 and is in the WL18xx MCP driver for the WiFi subsystem incorporated in the car's infotainment system, which allows an attacker in WiFi range to trigger buffer overflow using a specially crafted frame.

    "An attacker within wireless range of a potentially vulnerable device can gain the ability to overwrite memory of the host processor executing the MCP driver," reads the system vendor's security bulletin.

    Ford was informed by the supplier about the discovery of the WiFi flaw and took immediate action to validate it, estimate the impact, and develop mitigation measures.

    In a statement released on Ford's media portal, the carmaker promises to make a software patch available soon, which customers will be able to load on a USB stick and install on their vehicles.

    "Soon, Ford will issue a software patch online for download and installation via USB," reads Ford's announcement.

    "In the interim, customers who are concerned about the vulnerability can simply turn off the WiFi functionality through the SYNC 3 infotainment system's Settings menu."

    To further appease any concerns, the American carmaker has also stated that the flaw isn't easy to exploit, and even in that unlikely scenario, it wouldn't put the safety of targeted vehicles at risk.

    "To date, we've seen no evidence that this vulnerability has been exploited, which would likely require significant expertise and would also include being physically near an individual vehicle that has its ignition and WiFi setting on," explains Ford.

    "Our investigation also found that if this vulnerability was exploited, however unlikely, it would not affect the safety of vehicle occupants, since the infotainment system is firewalled from controls like steering, throttling and braking."

    Finally, the company invites any security researchers who have discovered vulnerabilities in its vehicles to submit their reports directly on the company's HackerOne program, through which it has so far resolved nearly 2,500 bugs.

  2. #2
    User Gaarun's Avatar
    Reputation Points
    Reputation Power
    Join Date
    Oct 2022
    Time Online
    5 h 28 m
    Avg. Time Online
    0 Post(s)
    0 Post(s)
    Well glad to hear that Ford Transit is in the list, because i have one and my concern is the safety of myself in my vehicle. And what i think is that every vulnerability can be demolished oif you use right tools. For example i could demolish vulnerability in my rv by buying and using keyless rv entry lock it is a good thing indeed. So i think if the work will be proper, than every vulnerability can be dealt with in no time
    Last edited by Gaarun; 5 Days Ago at 04:43 PM.

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts