Jump to content
Forums Gone... but not forgotten!
Pontiac of the Month

FBIRD69's 1969 Firebird

2024 March
of the Month

  • Rev up your passion for Pontiacs and join our vibrant community of enthusiasts!

    Whether you're a die-hard fan of classic muscle cars or you've got a soft spot for sleek modern models, you've found your home here at Forever Pontiac. Our community is dedicated to celebrating everything Pontiac, from the iconic GTO to the legendary Firebird and everything in between.

    Unlock access to expert advice, stunning photo galleries, engaging discussions, exclusive events, and more!

    Start your Pontiac journey with us today!

    Sign up now! 🏁

Car and Driver: What’s the Password? Mitsubishi Outlander Plug-in Hacked Over Wi-Fi


FeedBot

Recommended Posts

2017 Mitsubishi Outlander PHEV

-

Mitsubishi has some extra homework to do before it starts importing the 2017 Outlander PHEV this fall. Apparently, it can be hacked.

-

-

A British cybersecurity company claims to have hacked into the Outlander’s Wi-Fi access and performed a relatively innocuous level of mischief, such as turning on the climate control and the headlights, scheduling the battery charge time, and disabling the alarm system. The company, Pen Test Partners, says it bought a new plug-in hybrid Outlander after noticing the factory smartphone app had an “unusual method of connecting to the vehicle.”

-

Without computer science degrees, we won’t attempt to get into code discussions. But the company claims that Mitsubishi, instead of using a cellular-based network to communicate globally with any authorized smartphone running the app, uses a Wi-Fi access point instead. That means the app and its remote functions won’t control the car from beyond a range of a couple hundred feet. This seems like a more secure solution on its face, except that Mitsubishi’s 10-character Wi-Fi password was relatively simple to crack. Once that was accomplished, the hackers could find the encrypted “handshake” that authorizes devices to connect to the car.

-

Aside from playing with the lights and other remote functions, they were not able to delve into the car’s CAN bus to control the steering, throttle, or other critical functions. They also did not demonstrate the ability to unlock the car, although they were able to locate other Outlander PHEVs in Britain, since all of the cars share the same IP address. It’s also important to note that it took them four days to crack the password. Fundamentally, the hack isn’t much different than the Nissan Leaf smartphone app flaw that was discovered by an Australian software developer in February.

-
--
-

Pen Test Partners says it informed Mitsubishi and that the manufacturer is working on a fix. In the meantime, they’re suggesting that Outlander PHEV owners disable the car’s Wi-Fi connectivity altogether. We’ve contacted Mitsubishi about what this might mean for the U.S.-spec car, and we’ll update when we hear back.

-jWRE92SH5BI

Read Full Article

Link to comment
Share on other sites

Tired of these Ads? Register Today!

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Tired of these Ads? Purchase Enhanced Membership today to remove them!
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.