Ford recently identified a buffer overflow flaw in the Wi-Fi driver used by it in the SYNC 3 infotainment system. After the discovery, Ford quickly alerted about this flaw and disclosed the vulnerability publicly.
Car hijacking by hackers exploiting various functions of the car is known, but the real-world execution of such attacks remains challenging.
While there are certain vulnerabilities that cause immediate serious consequences, enabling threat actors to open and start the cars by exploiting the vulnerabilities remotely.
Since this system is used in the Ford and Lincoln vehicles, so, the successful exploitation of this flaw could enable threat actors to perform remote code execution.
This vulnerability has been tracked as “CVE-2023-29468,” and it was detected by a researcher who reported this flaw to the Wi-Fi module supplier, Texas Instruments (TI).
Flaw Profile
- CVE ID: CVE-2023-29468
- Summary: The TI WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be triggered which can potentially lead to remote code execution.
- TI PSIRT ID: TI-PSIRT-2022-120160
- CVSS Score: The CVSS base score for this issue can range from 8.8 to 9.6.
- Affected Products: WILINK8-WIFI-MCP8 version 8.5_SP3 and earlier
Ford’s Response
The SYNC3 infotainment system offers in-car WiFi, connectivity, voice commands, and third-party apps. The vulnerability concerns Ford customers, but no known exploits were reported.
Moreover, the attackers need physical proximity to an exposed, running engine with Wi-Fi enabled for a successful attack.
Ford’s investigation concludes that this vulnerability won’t impact vehicle safety, as the infotainment system firewall prevents control interference with steering, throttling, and braking.
Besides this, Ford assured that soon it will release the online software patch for USB installation. Meanwhile, customers who are concerned about the flaw can disable the Wi-Fi via SYNC 3’s Settings menu or check the vehicle’s SYNC 3 status online.
Wireless Security Architecture: Designing and Maintaining Secure Wireless for Enterprise
InfoSec tools | InfoSec services | InfoSec books
