–
Mitsubishi has some extra homework to do before it starts importing the 2017 Outlander PHEV this fall. Apparently, it can be hacked.
–
–
A British cybersecurity company claims to have hacked into the Outlander’s Wi-Fi access and performed a relatively innocuous level of mischief, such as turning on the climate control and the headlights, scheduling the battery charge time, and disabling the alarm system. The company, Pen Test Partners, says it bought a new plug-in hybrid Outlander after noticing the factory smartphone app had an “unusual method of connecting to the vehicle.”
–
Without computer science degrees, we won’t attempt to get into code discussions. But the company claims that Mitsubishi, instead of using a cellular-based network to communicate globally with any authorized smartphone running the app, uses a Wi-Fi access point instead. That means the app and its remote functions won’t control the car from beyond a range of a couple hundred feet. This seems like a more secure solution on its face, except that Mitsubishi’s 10-character Wi-Fi password was relatively simple to crack. Once that was accomplished, the hackers could find the encrypted “handshake” that authorizes devices to connect to the car.
–
Aside from playing with the lights and other remote functions, they were not able to delve into the car’s CAN bus to control the steering, throttle, or other critical functions. They also did not demonstrate the ability to unlock the car, although they were able to locate other Outlander PHEVs in Britain, since all of the cars share the same IP address. It’s also important to note that it took them four days to crack the password. Fundamentally, the hack isn’t much different than the Nissan Leaf smartphone app flaw that was discovered by an Australian software developer in February.
–
–
- –
- Can Your Car Really Be Hacked? Six Points to Know
-
–
- Nissan Blocking Leaf Smartphone App Due to Security Flaw
-
–
- Mitsubishi Outlander Research: Photos, Pricing, Specs, and More!
-
–
–
–
Pen Test Partners says it informed Mitsubishi and that the manufacturer is working on a fix. In the meantime, they’re suggesting that Outlander PHEV owners disable the car’s Wi-Fi connectivity altogether. We’ve contacted Mitsubishi about what this might mean for the U.S.-spec car, and we’ll update when we hear back.
–
from Car and Driver Blog http://blog.caranddriver.com/whats-the-password-mitsubishi-outlander-plug-in-hacked-over-wi-fi/
No comments:
Post a Comment