The famous US car manufacturing company, Ford, stated that the critical flaw in the TI WiFi driver on the infotainment system of its vehicles would not create a security compromise for its drivers.
Researchers identify the flaw as CVE-2023-29468. The bug affects the Texas Instruments-supplied driver used in the infotainment system of every car offered by Ford. Based on reports, the issue is a buffer overflow that could result in remote code execution (RCE). Hence, an attacker within wireless range of a vulnerable device could exploit the vulnerability using a specially crafted frame.
The researchers explained that the critical severity score of the newly discovered bug ranges from 8.8 to 9.6 and depends on the confidentiality and integrity impact of compromised systems.
Ford responded by saying it is now developing a solution to address the flaw.
Ford announced that it has been cooperating with its chip manufacturer to create and validate the measures that could address the security vulnerability.
Additionally, the US-based car company revealed that it has yet to see proof that the vulnerability has been exploited. It believes attackers could exploit the flaw if they have specific expertise and the targeted car is on with its WiFi setting enabled.
The car manufacturer also noted that the bug would not compromise drivers' safety even if threat actors exploit it, since the infotainment system has a firewall, so the vehicle's steering, braking, and throttling capabilities are not affected.
Furthermore, the company explained that it will soon release the patch that addresses the bug. Users can install the update through their cars' USB ports. Users concerned about their safety while using their vehicles can turn off the WiFi functionality in the infotainment system's Settings menu. Lastly, Ford urges its customers to visit its website to check whether their cars are among the units affected by the vulnerability.
Cybersecurity experts explained that the most sophisticated hackers could attempt to exploit such vulnerabilities. However, it would be challenging for many, as certain conditions must be met before they could initiate an attempt.