Hackers Can Disable Alarm on Mitsubishi Outlander PHEV Cars
Researchers from UK-based penetration testing and security services firm Pen Test Partners discovered that the mobile applications for the Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV) are plagued by vulnerabilities that can be exploited by hackers to remotely control some of the car’s features.
Mitsubishi Outlander PHEV is a popular SUV whose owners can control various functions remotely using an iOS or Android application. Unlike other vehicles, which can be controlled over long distances via GSM networks, the Outlander PHEV apps use Wi-Fi to connect the phone directly to the car when the device is in range of the vehicle’s Wi-Fi access point.
Researchers have analyzed this connectivity method and discovered that the Wi-Fi Protected Access Pre-Shared Key (WPA-PSK), which is used to authenticate and validate the connection, is included in the owner's manual and it can be easily cracked. It took experts less than four days to crack it, but they believe it could be done almost instantly using £1,000 ($1,400) worth of cloud computing resources.
Pen Test Partners discovered that each Outlander PHEV access point has a unique SSID. Since the SSIDs have the same format, it’s easy for someone to find the geographical location of these vehicles using wireless network mapping services such as WiGLE.
A man-in-the-middle (MitM) attack launched against the connection between the mobile app and the vehicle revealed that it uses a relatively simple binary protocol that is easy to understand and reverse engineer.
Researchers demonstrated that an attacker who is in range of the car’s Wi-Fi access point can control various functions, such as turning the lights or the air conditioning on and off, or playing around with battery charging features — all of which could be used to drain the battery. The most concerning issue, however, is that a hacker could disable the car’s alarm.
“Once unlocked, there is potential for many more attacks. The on board diagnostics port is accessible once the door is unlocked. Whilst we haven’t looked in detail at this, you may recall from a hack of some BMW vehicles which suggested that the OBD port could be used to code new keys for the car,” researchers explained. “We also haven’t looked at connections between the Wi-Fi module and the Wi-Fi module and the Controller Area Network (CAN). There is certainly access to the infotainment system from the Wi-Fi module.”
While initially it did not take their findings seriously, researchers say Mitsubishi is now working on addressing the issues they discovered. SecurityWeek has reached out to the company for comment.
In the meantime, users can protect their cars against potential attacks by unpairing their mobile devices from the vehicle’s access point (Settings->Cancel VIN Registration). If all mobile devices are unpaired, the Wi-Fi module goes to sleep and will only be re-enabled if the key remote is pressed ten times.
The vulnerabilities found by Pen Test Partners are similar to the ones identified by researchers earlier this year in the Nissan LEAF. However, in the LEAF’s case, experts showed that attacks could be conducted from halfway around the world.
Related Reading: Karamba Security Emerges From Stealth to Protect Cars From Hackers