SecurityWeek

Researchers Hack Mitsubishi Outlander PHEV

Hackers Can Disable Alarm on Mitsubishi Outlander PHEV Cars

Researchers from UK-based penetration testing and security services firm Pen Test Partners discovered that the mobile applications for the Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV) are plagued by vulnerabilities that can be exploited by hackers to remotely control some of the car’s features.

Mitsubishi Outlander PHEV is a popular SUV whose owners can control various functions remotely using an iOS or Android application. Unlike other vehicles, which can be controlled over long distances via GSM networks, the Outlander PHEV apps use Wi-Fi to connect the phone directly to the car when the device is in range of the vehicle’s Wi-Fi access point.

Researchers have analyzed this connectivity method and discovered that the Wi-Fi Protected Access Pre-Shared Key (WPA-PSK), which is used to authenticate and validate the connection, is included in the owner’s manual and it can be easily cracked. It took experts less than four days to crack it, but they believe it could be done almost instantly using £1,000 ($1,400) worth of cloud computing resources.

Pen Test Partners discovered that each Outlander PHEV access point has a unique SSID. Since the SSIDs have the same format, it’s easy for someone to find the geographical location of these vehicles using wireless network mapping services such as WiGLE.

A man-in-the-middle (MitM) attack launched against the connection between the mobile app and the vehicle revealed that it uses a relatively simple binary protocol that is easy to understand and reverse engineer.

Researchers demonstrated that an attacker who is in range of the car’s Wi-Fi access point can control various functions, such as turning the lights or the air conditioning on and off, or playing around with battery charging features — all of which could be used to drain the battery. The most concerning issue, however, is that a hacker could disable the car’s alarm.

“Once unlocked, there is potential for many more attacks. The on board diagnostics port is accessible once the door is unlocked. Whilst we haven’t looked in detail at this, you may recall from a hack of some BMW vehicles which suggested that the OBD port could be used to code new keys for the car,” researchers explained. “We also haven’t looked at connections between the Wi-Fi module and the Controller Area Network (CAN). There is certainly access to the infotainment system from the Wi-Fi module.”

Researchers say that while Mitsubishi initially did not take their findings seriously, the company is now working on addressing the issues they discovered. SecurityWeek has reached out to the company for comment.

In the meantime, users can protect their cars against potential attacks by unpairing their mobile devices from the vehicle’s access point (Settings->Cancel VIN Registration). If all mobile devices are unpaired, the Wi-Fi module goes to sleep and will only be re-enabled if the key remote is pressed ten times.

The vulnerabilities found by Pen Test Partners are similar to the ones identified by researchers earlier this year in the Nissan LEAF. However, in the LEAF’s case, experts showed that attacks could be conducted from halfway around the world.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
