What are the SYNC®* 3 Cyber Security Risks?
Lincoln takes cyber security seriously and regularly works with security researchers, suppliers, and other vehicle manufacturers to protect our clients, products, and enterprise.
Lincoln learned from a supplier that a security researcher discovered a vulnerability in the Wi-Fi software driver supplied for use in the SYNC 3 infotainment system. If you are unsure which SYNC generation you have, you can check online if your vehicle is equipped with SYNC 3.
Immediately, and in collaboration with the supplier and security researcher, we began developing and validating measures to address the vulnerability. To date, we have seen no evidence that this vulnerability has been exploited, which would likely require significant expertise and include being physically near the vehicle with its ignition and Wi-Fi setting on. If this vulnerability was exploited, however unlikely, it would not affect the safety of vehicle occupants, since the infotainment system is firewalled from controls like steering, throttling, and braking.
Guidance for Cyber Security Vulnerability
Soon, Lincoln will issue a software patch online for download and installation via USB. You will be notified when the SYNC 3 patch is available by message in the Lincoln Way App. In the interim, if you are concerned about the vulnerability, you can simply turn off the Wi-Fi functionality through SYNC 3's Settings menu.
Security researchers who want to engage with and report vulnerabilities can do so on the Ford Vulnerability Disclosure Program site.
*Don’t drive while distracted. Use voice-operated systems when possible; don’t use handheld devices while driving. Some features may be locked out while the vehicle is in gear. Not all features are compatible with all phones.