Skip advert
Advertisement

Mitsubishi Outlander PHEV at risk of hacking

Security experts showed how hackers and thieves can exploit a weakness in the Mitsubishi Outlander PHEV's Wi-Fi system to disarm the alarm

Mitsubishi Outlander PHEV - front

The Mitsubishi Outlander PHEV - UK's best selling plug-in electric car - has become the latest car susceptible to hacking, after weaknesses in the car's on-board Wi-Fi security allowed researchers to turn off security alarms.

Security expert Ken Munro and his colleagues at Pent Test Partners security firm began investigating the Outlander PHEV after Munro noticed the mobile app used to communicate with the car had an unusual characteristic.

Advertisement - Article continues below

Most mobile apps use a GSN module to communicate between the car and the mobile phone, but the Outlander PHEV does without one. Instead, the Mitsubishi has a wireless access point on-board the car, which means it can be talked to directly.

Munro then realised the password to the Wi-Fi key can be easily cracked. He said: “The password is not long enough. The format is four lower cases, plus six numeric digits. That just isn’t enough.” On a relatively slow cracking rig, it took Munro and his team just four days to crack the password key. With top notch software the key can be accessed within a day. 

Munro then looked if there was any more security between phone and the Wi-Fi access point other than the key. He said: “ We listened to look at the traffic going between the car and the device, and discovered a relatively simple binary protocol that was incredibly straightforward to understand and reverse engineer.”

This allowed Munro to communicate with the car directly, and gave him control of functions like lights and air-conditioning, and more worryingly, access to the charging and security status. Munro was able to turn off the car’s alarm and disconnect it from charging, showing how potential perps could break into the car and drive away with it. 

A short-term fix exists, according to Munro. He advises to first unpair all mobile devices that have been connected with the car's access point. Then, using the app, he advises users to go to 'Settings' and select 'Cancel VIN registration', to effectively put the device to sleep. A long-term fix would require intervention from Mitsubishi. 

Mitsubishi has since said it has taken the “matter seriously". It also pointed out that the hack affects the car's app and gives hackers limited access: “It should be noted that without the remote control device, the car cannot be started and driven away." 

Are you worried about car hackers? Tell us in the comments below...

Skip advert
Advertisement
Skip advert
Advertisement

Recommended

Road tax set to rise in April: here’s how much more you’ll pay
Road tax documentation
News

Road tax set to rise in April: here’s how much more you’ll pay

Drivers with newer cars will now pay £10 more per year, although the biggest gas guzzlers fare even worse
28 Mar 2024
‘Secret’ UK courts are fast-tracking speeding fines say magistrates
Speed camera van window
News

‘Secret’ UK courts are fast-tracking speeding fines say magistrates

New guidance from Magistrates’ Association calls for reform and aims to expose ‘secret’ Single Justice Procedure system
26 Mar 2024
Low on stock: Only 1-in-10 UK supermarkets offer electric car charging
Polestar 2 and LEVC TX connected to Sainsburys EV chargers
News

Low on stock: Only 1-in-10 UK supermarkets offer electric car charging

A survey by Zap-Map and the RAC reveals only 13% of supermarkets are equipped with EV chargers, despite a 59% increase in the past year
22 Mar 2024
Mis-sold car finance scandal: could you be due compensation?
Missold car finance
News

Mis-sold car finance scandal: could you be due compensation?

Did you buy a car on finance between April 2007 and January 2021? You could be owed thousands!
21 Mar 2024

Most Popular

Road tax set to rise in April: here’s how much more you’ll pay
Road tax documentation
News

Road tax set to rise in April: here’s how much more you’ll pay

Drivers with newer cars will now pay £10 more per year, although the biggest gas guzzlers fare even worse
28 Mar 2024
Posh new trim level for Dacia Sandero while the Sandero Stepway gets more power
Dacia Sandero - front
News

Posh new trim level for Dacia Sandero while the Sandero Stepway gets more power

Both the Sandero and Sandero Stepway ranges have been tweaked, gaining more safety features to meet the latest regulations
26 Mar 2024
Huge Audi new car blitz to bring us 9 models in 2 years
Upcoming Audi models - four-way image
News

Huge Audi new car blitz to bring us 9 models in 2 years

After a quiet few years, the German giant is gearing up for its biggest product onslaught to date
25 Mar 2024