Tuesday, February 18, 2025
HomeCyber Security NewsFord Cars WiFi Vulnerability Let Attackers Execute Remote Code

Ford Cars WiFi Vulnerability Let Attackers Execute Remote Code

Published on

SIEM as a Service

Follow Us on Google News

Ford recently identified a buffer overflow flaw in the Wi-Fi driver used by it in the SYNC 3 infotainment system. After the discovery, Ford quickly alerted about this flaw and disclosed the vulnerability publicly.

Car hijacking by hackers exploiting various functions of the car is known, but the real-world execution of such attacks remains challenging.

While there are certain vulnerabilities that cause immediate serious consequences, enabling threat actors to open and start the cars by exploiting the vulnerabilities remotely.

Since this system is used in the Ford and Lincoln vehicles, so, the successful exploitation of this flaw could enable threat actors to perform remote code execution.

This vulnerability has been tracked as “CVE-2023-29468,” and it was detected by a researcher who reported this flaw to the Wi-Fi module supplier, Texas Instruments (TI).

Flaw Profile

  • CVE ID: CVE-2023-29468
  • Summary: The TI WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be triggered which can potentially lead to remote code execution.
  • TI PSIRT ID: TI-PSIRT-2022-120160
  • CVSS Score: The CVSS base score for this issue can range from 8.8 to 9.6.
  • Affected Products: WILINK8-WIFI-MCP8 version 8.5_SP3 and earlier

Ford’s Response

The SYNC3 infotainment system offers in-car WiFi, connectivity, voice commands, and third-party apps. The vulnerability concerns Ford customers, but no known exploits were reported. 

Moreover, the attackers need physical proximity to an exposed, running engine with Wi-Fi enabled for a successful attack.

Ford’s investigation concludes that this vulnerability won’t impact vehicle safety, as the infotainment system firewall prevents control interference with steering, throttling, and braking.

Besides this, Ford assured that soon it will release the online software patch for USB installation. Meanwhile, customers who are concerned about the flaw can disable the Wi-Fi via SYNC 3’s Settings menu or check the vehicle’s SYNC 3 status online.

Keep informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Highly Obfuscated .NET sectopRAT Mimic as Chrome Extension

SectopRAT, also known as Arechclient2, is a sophisticated Remote Access Trojan (RAT) developed using...

Threat Actors Trojanize Popular Games to Evade Security and Infect Systems

A sophisticated malware campaign was launched by cybercriminals, targeting users through trojanized versions of...

New Research Aims to Strengthen MITRE ATT&CK for Evolving Cyber Threats

A recent study by researchers from the National University of Singapore and NCS Cyber...

New LLM Vulnerability Exposes AI Models Like ChatGPT to Exploitation

A significant vulnerability has been identified in large language models (LLMs) such as ChatGPT,...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Highly Obfuscated .NET sectopRAT Mimic as Chrome Extension

SectopRAT, also known as Arechclient2, is a sophisticated Remote Access Trojan (RAT) developed using...

Threat Actors Trojanize Popular Games to Evade Security and Infect Systems

A sophisticated malware campaign was launched by cybercriminals, targeting users through trojanized versions of...

New Research Aims to Strengthen MITRE ATT&CK for Evolving Cyber Threats

A recent study by researchers from the National University of Singapore and NCS Cyber...