Security experts have discovered vulnerabilities in the Mitsubishi Outlander PHEV SUV that allowed them to tamper with the car’s charging system and headlights, and even turn off its alarm. The Outlander PHEV is a hybrid car that can run on both conventional fuel and electrical power. It can be plugged into an ordinary electrical wall socket and recharged at home, making it very convenient to own and use.
The company has embedded a WiFi module inside the car so that users can connect to it with the Mitsubishi mobile app and send commands to the car.
Researchers from Pen Test Partners have successfully hacked the Outlander PHEV using a series of basic attack techniques. Knowing that each Outlander PHEV owner receives a 7-digit WiFi access key with the car manual, the researchers managed to brute-force their way into the car’s WiFi module. They said this attack could take from seconds to four days, depending on the attacker’s equipment.
They also discovered that the car’s WiFi module used a simplistic naming scheme for its SSID, the network name that a WiFi access point broadcasts. The format was “REMOTEnnaaaa” (where n is a digit and a is a lowercase letter), and the researchers brute-forced the “nnaaaa” IDs and discovered live SSIDs for other Mitsubishi Outlander PHEVs in their vicinity. Using WiGLE.net, a search engine for mapping wireless networks, the researchers were able to geolocate other Outlander PHEVs across Britain, even creating a live map with all the cars at any moment.
With more than 100,000 Mitsubishi Outlander PHEVs sold worldwide, the hack is not good news for the car’s owners. Pen Test Partners explains that there is a short-term fix for the problem: car owners can unpair all devices from the vehicle’s WiFi module. To do this, they can go to the app’s “Settings” section and select the “Cancel VIN Registration” option.