Mitsubishi Outlander hybrid can be hacked

Mitsubishi Outlander hybrid can be hacked
7 June 2016

There could be a big ol' recall on the cards for Mitsubishi, as some security researchers have found that (at least) 100,000 Outlander hybrid cars have a security flaw, which allow hackers to turn off the car's alarm system, drain the battery, and control the lights.

Ken Munro, who oversaw this investigation, looked into the security of the car after a pal's Outlander showed up as a wifi access point on his smartphone.

Clearly having a decent amount of money at his disposal, he got curious, bought one of these vehicles, and promptly went about hacking it.

And hack it he did!

Most cars that come with their own app use GSM, but the Outlander uses wifi, which is not as secure.

Ken thinks that the weak security was inevitably due to Mitsubishi wanting to do a job on the cheap: "I assume that it's been designed like this to be much cheaper for Mitsubishi than [the more secure] GSM/web service/mobile app based solution."

"There's no GSM contract fees, no hosting fees, minimal development cost. This has a massive disadvantage to the user."

You can read his words and how the hack was done, by clicking here. There's also a video, if you can't be bothered with all those pesky words.

This is the latest car that's been hacked - in 2015, hackers got control of a Jeep while someone was driving it on a motorway.

There's also been vulnerabilities found in the Nissan Leaf and the Tesla Model S.

Munro contacted Mitsubishi: "Initial attempts by us to disclose privately to Mitsubishi were greeted with disinterest. We were a bit stumped at this point: As so often happens, the vendor takes no interest and public disclosure becomes an ethical dilemma."

Now, the BBC is getting involved, and suddenly, the car manufacturer are interested. They've said that Outlander owners deactivate the wifi system while they sort this out.

TOPICS:   Motoring   Privacy

What do you think?

Connect with Facebook, Twitter, or just enter your email to sign in and comment.

Your comment