Jump to content
Forums Gone... but not forgotten!
Pontiac of the Month

brandyv73's 1968 Firebird

2019 June
of the Month


This topic is now archived and is closed to further replies.


Car and Driver: What’s the Password? Mitsubishi Outlander Plug-in Hacked Over Wi-Fi

Recommended Posts

2017 Mitsubishi Outlander PHEV


Mitsubishi has some extra homework to do before it starts importing the 2017 Outlander PHEV this fall. Apparently, it can be hacked.



A British cybersecurity company claims to have hacked into the Outlander’s Wi-Fi access and performed a relatively innocuous level of mischief, such as turning on the climate control and the headlights, scheduling the battery charge time, and disabling the alarm system. The company, Pen Test Partners, says it bought a new plug-in hybrid Outlander after noticing the factory smartphone app had an “unusual method of connecting to the vehicle.”


Without computer science degrees, we won’t attempt to get into code discussions. But the company claims that Mitsubishi, instead of using a cellular-based network to communicate globally with any authorized smartphone running the app, uses a Wi-Fi access point instead. That means the app and its remote functions won’t control the car from beyond a range of a couple hundred feet. This seems like a more secure solution on its face, except that Mitsubishi’s 10-character Wi-Fi password was relatively simple to crack. Once that was accomplished, the hackers could find the encrypted “handshake” that authorizes devices to connect to the car.


Aside from playing with the lights and other remote functions, they were not able to delve into the car’s CAN bus to control the steering, throttle, or other critical functions. They also did not demonstrate the ability to unlock the car, although they were able to locate other Outlander PHEVs in Britain, since all of the cars share the same IP address. It’s also important to note that it took them four days to crack the password. Fundamentally, the hack isn’t much different than the Nissan Leaf smartphone app flaw that was discovered by an Australian software developer in February.


Pen Test Partners says it informed Mitsubishi and that the manufacturer is working on a fix. In the meantime, they’re suggesting that Outlander PHEV owners disable the car’s Wi-Fi connectivity altogether. We’ve contacted Mitsubishi about what this might mean for the U.S.-spec car, and we’ll update when we hear back.


Read Full Article

Share this post

Link to post
Share on other sites

Tired of these Ads? Register Today!

Tired of these Ads? Purchase Enhanced Membership today to remove them!
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.