14 DAY TRIAL // Security researchers have managed to successfully hack a Mitsubishi Outlander PHEV SUV, which has allowed them to mess around with the car's charging system, headlights, and even turn off its alarm.
The Mitsubishi Outlander PHEV is a hybrid car that can run on both classic fuel and electrical power. The car can be plugged into anyone's electrical wall sockets and recharged at home, making it very convenient to own and use.
Mitsubishi uses different approach for managing Outlander PHEV models
Just like in the case of other modern-day Internet-connected cars, car owners can control their Outlander PHEV via a mobile app. Unlike other manufacturers, however, Mitsubishi uses a novel approach.
To cut down costs, the company has embedded a WiFi module inside the car. Users can connect with their Mitsubishi mobile app to this module and send commands to the car.
Other manufacturers use a system where the mobile app connects to their servers, which, in turn, relays commands to the car via GSM commands. This is not a better system, just different and more expensive.
Researchers hack car via its WiFi module
Researchers from Pen Test Partners, a security firm specialized in cracking IoT equipment, has successfully hacked the Outlander PHEV using a series of basic attack techniques.
Knowing that each Outlander PHEV owner receives a 7-digit WiFi access key with the car manual, the researchers managed to brute-force their way into the car's WiFi module. They said this attack could take from seconds to four days, depending on the attacker's equipment.
Once they managed to access the car's WiFi module, they were able to reverse-engineer the communications protocol used to send commands from the app to the car.
Using a simple MitM (Man-in-the-Middle) attack, the researchers were able to manage the car's headlights, its heating and cooling system, and even change its charging program to take up premium-rate electricity.
Alarms can be turned off, cars can be tracked
Even worse, the researchers were able to use the same WiFi module to turn the car's alarm off. Car thieves have been known to use hacks in the past to steal cars, and Pen Test Partners' research is bound to become a must-read for almost all criminal groups.
But the researchers’ work didn't stop here, as they also discovered that the car's WiFi module featured a simplistic numbering system for its SSID, which is a unique ID for all WiFi networks.
The format was "REMOTEnnaaaa" (n are numbers, a are lower case letters), and the researchers brute-forced the "nnaaaa" IDs and discovered live SSIDs for other Mitsubishi Outlander PHEVs in their vicinity.
Using the WiGLE.net search engine for mapping wireless networks, the researchers were able to geolocate other Outlander PHEVs across Britain, even creating a live map with all the cars at any moment.
The researchers tried to notify Mitsubishi of their problems, but the company treated them and their work with "disinterest." It was only after the Pen Test Partners crew asked a BBC reporter to relay their findings that Mitsubishi started to work with the security firm on remediating the issues.
Because the Mitsubishi mobile app can push firmware to the car's WiFi module, a fix will be arriving once Mitsubishi's engineers find a way to mitigate all attacks.
Outlander PHEV owners can mitigate attacks
In the meantime, Pen Test Partners explains there's a short-term fix for everyone's problem. Car owners can unpair all devices from the vehicle's WiFi module. To do this, they can go to the app's "Settings" section and select the "Cancel VIN Registration" option.
Once all devices are unpaired from the app, the car's WiFi module will go to sleep. The only way to restart the WiFi module at this point is to press a button on the car key ten consecutive times.
Pen Test Partners say they didn't try to access the car's CAN bus at all. If they had done, their hack would have allowed them access to more intrusive car operations, such as the ability to start the car engine's or activate its break at any time.
