Mitsubishi Outlander hacked, raising car security stakes
Mitsubishi Outlander hacked, raising car security stakes
Researchers at Pen Test Partners have wirelessly hacked the Mitsubishi Outlander Hybrid SUV, allowing them to take control of the vehicle’s electric charging and even turn off the alarm system.
In a five minute video, security researcher Ken Munro demonstrates how easy it is for a potential hacker to take control into the system and potentially pinch the car without alerting anyone.
See Also: Hack a car in Michigan, get a life sentence?
The major issue is Mitsubishi’s mobile app, which connects to a wireless access point inside the SUV and lets the owner set charging times, turn on the lights, air conditioning, and turn off alarms. To access the app, you need the SSID and password, which Munro claims is not enough security to deflect attackers.
In tests, Munro’s team was able to break into the car within four days using a low-power cracking rig, which uses brute force attacks to try every SSID and password combination until it breaks in. He said with more powerful equipment the hacker may be able to find the correct SSID and password within 24 hours.
“If I was a thief and I fancied your car, first of all because it’s a Wi-Fi device I would geo-locate it using resources like Wiggle,” said Munro. “I [would then] find your car, crack your Wi-Fi key, send the code required to disable the alarm from a laptop or a hacked mobile device, jimmy the door or smash your window, unlock your door, then access the IDB port inside, and I’ve potentially got your car.”
Mitsubishi called it “no big deal?”
That’s quite a scary prospect, especially since when Munro’s team originally contacted Mitsubishi, the company told the researchers that it wasn’t a big deal and it wouldn’t fix the security issues. We assume, now that the hack has been made public, Mitsubishi will make efforts to fix the security issues, if it wants the Outlander Hybrid SUV to do well in the United States when it launches next year.
“The failures of poorly configured Wi-Fi security access has occurred in other high profile cases in the past couple of years,” said Warwick Business School cyber security professor, Mark Skilton. “They include the hacking of the inflight entertainment system in 2015 by security researchers on a United Airlines flight, to hacking nearly 100 networked traffic lights in Michigan by another security researcher with a laptop in 2014, enabling the changing of light commands at will.”
“These are not a failure of the system itself,” Skilton continued. “All these hacks exploited poor design of the systems’ security design. In all these cases the entry point has been compromised and it allowed the hacker to gain access to other systems on board that could include and threaten human safety.”
“Cars are increasingly having on-board connectivity to the internet beyond just entertainment and to the operation of the car itself. But, while access to email and websites is one thing, access to mission critical systems in any situation—be it a building, operating theatre or transport vehicle—is a whole different set of risk and security issues.”
See Also: Hackers drive huge global IoT security market growth
Car security is becoming a much more important topic, as we enter an age of autonomy in vehicles. Imagine if instead of just being able to hack your dashboard, hackers were able to take control of your car and remotely steer it?
Hopefully, with companies like Google, Uber, and Lyft heavily involved in autonomous cars, we will see millions spent ensuring the system cannot be hacked, which will hopefully change Mitsubishi and other automakers view on the importance of security.
The post Mitsubishi Outlander hacked, raising car security stakes appeared first on ReadWrite.
(26)
