Jump to content
Forums Gone... but not forgotten!
Pontiac of the Month

Debbie Harris's 1969 Grand Prix

2021 October
of the Month

  • Welcome!

    Welcome to Forever Pontiac, where we keep the memory of Pontiac alive with great discussion, maintenance tips, restoration/modification progression "blogs" and help from professional & DIY mechanics. Also, wonderful competitions that occur regularly. Please register for an absolutely free account to join in!

Car and Driver: What’s the Password? Mitsubishi Outlander Plug-in Hacked Over Wi-Fi


Recommended Posts

2017 Mitsubishi Outlander PHEV


Mitsubishi has some extra homework to do before it starts importing the 2017 Outlander PHEV this fall. Apparently, it can be hacked.



A British cybersecurity company claims to have hacked into the Outlander’s Wi-Fi access and performed a relatively innocuous level of mischief, such as turning on the climate control and the headlights, scheduling the battery charge time, and disabling the alarm system. The company, Pen Test Partners, says it bought a new plug-in hybrid Outlander after noticing the factory smartphone app had an “unusual method of connecting to the vehicle.”


Without computer science degrees, we won’t attempt to get into code discussions. But the company claims that Mitsubishi, instead of using a cellular-based network to communicate globally with any authorized smartphone running the app, uses a Wi-Fi access point instead. That means the app and its remote functions won’t control the car from beyond a range of a couple hundred feet. This seems like a more secure solution on its face, except that Mitsubishi’s 10-character Wi-Fi password was relatively simple to crack. Once that was accomplished, the hackers could find the encrypted “handshake” that authorizes devices to connect to the car.


Aside from playing with the lights and other remote functions, they were not able to delve into the car’s CAN bus to control the steering, throttle, or other critical functions. They also did not demonstrate the ability to unlock the car, although they were able to locate other Outlander PHEVs in Britain, since all of the cars share the same IP address. It’s also important to note that it took them four days to crack the password. Fundamentally, the hack isn’t much different than the Nissan Leaf smartphone app flaw that was discovered by an Australian software developer in February.


Pen Test Partners says it informed Mitsubishi and that the manufacturer is working on a fix. In the meantime, they’re suggesting that Outlander PHEV owners disable the car’s Wi-Fi connectivity altogether. We’ve contacted Mitsubishi about what this might mean for the U.S.-spec car, and we’ll update when we hear back.


Read Full Article

Link to comment
Share on other sites

Tired of these Ads? Register Today!

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Tired of these Ads? Purchase Enhanced Membership today to remove them!
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.