Vulnerability Leaves Mitsubishi Outlander’s WiFi Open To Hacks

Three months ago, federal regulators and law enforcement officials warned carmakers that their vehicles were increasingly vulnerable to hackings. Today, security researchers revealed one such issue in the Mitsubishi Outlander that allows would-be hackers to turn off the car’s alarms. 

Security researchers from PenTestPartners revealed Monday that they were able to turn off the alarms, drain the battery, and mess with settings in the plug-in electric hybrid model of the Mitsubishi Outlander, ZDNet reports.

The issue lies within the Outlander’s WiFi module, the researchers say, and the way in which the car’s move application connects to the vehicle.

While most connected cars have a cellular modem for connectivity, the Outlander allows owners to access its remote functions by connecting to the car’s own distinctly named WiFi network.

PenTestPartners found that the vehicle’s WiFi module “has not been implemented securely” and that the pre-shared key easily crackable.

Once connected to the vehicle, the researchers found they could play with the lights or climate control, lock or unlock the doors remotely, and disable the alarm.

“Once unlocked, there is potential for many more attacks,” the team says. “The onboard diagnostics port is accessible once the door is unlocked.”

PenTestPartners tells ZDNet that when they first approached Mitsubishi the carmaker was “disinterested” in the issue.

However, Mitsubishi tells ZDNet that the hacking was a “first for us as no other has been reported anywhere else in the world” and the company is taking the issue seriously.

The company says that while it investigates the issue, owners should disable their onboard WiFi in the app by canceling the VIN registration.

Mitsubishi Outlander car alarm can be hacked through Wi-Fi [ZDNet]