Skip to content
Ford HQ Avatar
Ford HQ
10.08.23

Ford Provides Customer Guidance In Response To Supplier Disclosure Of Cyber Security Vulnerability

Ford takes cyber security seriously and regularly works with security researchers, suppliers and other vehicle manufacturers to protect our customers, products and enterprise. 

Ford learned from a supplier that a security researcher discovered a vulnerability in the Wi-Fi software driver supplied for use in the SYNC 3 infotainment system available on some Ford and Lincoln vehicles. Immediately, and in collaboration with them, we began developing and validating measures to address the vulnerability. 

To date, we’ve seen no evidence that this vulnerability has been exploited, which would likely require significant expertise and would also include being physically near an individual vehicle that has its ignition and Wi-Fi setting on. Our investigation also found that if this vulnerability was exploited, however unlikely, it would not affect the safety of vehicle occupants, since the infotainment system is firewalled from controls like steering, throttling and braking. 

Soon, Ford will issue a software patch online for download and installation via USB. In the interim, customers who are concerned about the vulnerability can simply turn off the Wi-Fi functionality through the SYNC 3 infotainment system’s Settings menu. Customers can also find out online if their vehicles are equipped with SYNC 3.

Security researchers who want to engage with and report vulnerabilities to Ford can do so here. 

Update March 20, 2025

To eliminate the Wi-Fi software vulnerability in vehicles with the SYNC 3 infotainment system, Ford has issued a software patch for customers to download online and install on their vehicle via a USB device. While a software patch was being developed, we provided guidance to customers concerned about the vulnerability to simply turn off the Wi-Fi function through their SYNC 3 infotainment system, which eliminates the vulnerability and is an action that customers can continue to take if the software patch is not downloaded. As of March 2025, there have been no reported incidents related to this issue.

To install this software patch, customers can go to www.ford.com/support/sync-maps-updates, enter their VIN, and follow the provided instructions. If the vehicle is already at the latest software level, then no additional updates are required, and no downloads will be available. If a customer is unsure which SYNC generation they have, they can check online or through their vehicle’s system settings.