Security flaws discovered in Mitsubishi Outlander


A group of researchers has found that the alarm system on the Mitsubishi Outlander hybrid car can easily be turned off via security bugs found in its onboard wi-fi network.

Currently, many other car manufacturers use a web-based service to secure vehicles and to enable owners to lock cars remotely from their apps. These commands are sent through servers and then sent back to the car over the mobile network. However, Mitsubishi has allowed just the apps talk to cars via the wi-fi system on the car. This means that the access points, according to researchers, are distinctly named allowing thieves and hackers to track potential targets, locate cars of interest and break in.

The researchers carried out their investigation on gaining access to the car. They made sure they did not have special access to the vehicle. The group managed to gain access to force the vehicle to flash its lights, also changed the system on how the car is charged and draining the battery completely. They also discovered they were able to turn off the alarm.

According to the lead researcher, Ken Munro, once a thief was aware the car alarm would not go off they could then use this to gain access to the car eventually. Once they had access, the diagnostics board would allow hackers and thieves to use customised hardware, which could enable them to drive away with the car. “Once unlocked, there is potential for many more attacks. The onboard diagnostics port is accessible once the door is unlocked,” he said.

The researchers recently demonstrated the security flaws and issues with the on-board wi-fi system to Mitsubishi, who promptly released a statement stating: “This hacking is a first for us as no other has been reported anywhere else in the world. It should be noted that without the remote control device, the car cannot be started and driven away.”

The company also expressed a keen interest in getting Mr Munro talking to its engineers in Japan to work out how to remedy the flaws he had discovered.

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related. Follow Lee on .

Leave a Reply

Your email address will not be published. Required fields are marked *