Jump to content
Forums Gone... but not forgotten!

Tired of these Ads? Register Today!

  • Welcome to Forever Pontiac

    We are a community of Pontiac enthusiasts. The purpose of our community is to keep alive the Pontiac spirit by sharing (or showing off) our cars, discussing Pontiac, helping each other work on our cars and find information, plus attend various meets/shows/etc... To aid discussion, sharing, event planning and selling of parts/cars/anything, we have various parts of the website to aid this from Forums to an online Garage to Classifieds to even a Document Download Repository. You can find links to these in our navigation above based on what each section helps with (discussion, local events, learning, etc...).

    We invite you to contribute, find help or just view some of our member's amazing cars! Don't forget, we also have great contests from time to time (like our Pontiac of the Month and yearly calendar contest) and our Pontiac This OR That, a fun game where you choose the best of two randomly selected Pontiacs from our online garage.

    We look forward to seeing you around!

Archived

This topic is now archived and is closed to further replies.

FeedBot

Car and Driver: What’s the Password? Mitsubishi Outlander Plug-in Hacked Over Wi-Fi

Recommended Posts

2017 Mitsubishi Outlander PHEV

-

Mitsubishi has some extra homework to do before it starts importing the 2017 Outlander PHEV this fall. Apparently, it can be hacked.

-

-

A British cybersecurity company claims to have hacked into the Outlander’s Wi-Fi access and performed a relatively innocuous level of mischief, such as turning on the climate control and the headlights, scheduling the battery charge time, and disabling the alarm system. The company, Pen Test Partners, says it bought a new plug-in hybrid Outlander after noticing the factory smartphone app had an “unusual method of connecting to the vehicle.”

-

Without computer science degrees, we won’t attempt to get into code discussions. But the company claims that Mitsubishi, instead of using a cellular-based network to communicate globally with any authorized smartphone running the app, uses a Wi-Fi access point instead. That means the app and its remote functions won’t control the car from beyond a range of a couple hundred feet. This seems like a more secure solution on its face, except that Mitsubishi’s 10-character Wi-Fi password was relatively simple to crack. Once that was accomplished, the hackers could find the encrypted “handshake” that authorizes devices to connect to the car.

-

Aside from playing with the lights and other remote functions, they were not able to delve into the car’s CAN bus to control the steering, throttle, or other critical functions. They also did not demonstrate the ability to unlock the car, although they were able to locate other Outlander PHEVs in Britain, since all of the cars share the same IP address. It’s also important to note that it took them four days to crack the password. Fundamentally, the hack isn’t much different than the Nissan Leaf smartphone app flaw that was discovered by an Australian software developer in February.

-
--
-

Pen Test Partners says it informed Mitsubishi and that the manufacturer is working on a fix. In the meantime, they’re suggesting that Outlander PHEV owners disable the car’s Wi-Fi connectivity altogether. We’ve contacted Mitsubishi about what this might mean for the U.S.-spec car, and we’ll update when we hear back.

-jWRE92SH5BI

Read Full Article

Share this post


Link to post
Share on other sites

Tired of these Ads? Register Today!


Tired of these Ads? Purchase Enhanced Membership today to remove them!
×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.