Mitsubishi’s Outlander Hybrid Car’s Alarm Vulnerable to Hack due to Wi-Fi access point issue
Researcher and security expert Ken Munro has revealed that Mitsubishi’s Outlander hybrid car’s (PHEV) alarm has a glaring loophole that can make it easy for exploiters to turn it off through its onboard Wi-Fi. The weakness can be exploited with security bugs and this can lead to criminals breaking into the vehicle’s system, playing with the vehicle’s settings, get its battery drained and steal it all together.
The manufacturer, Mitsubishi, suggests that users mush turn off Wi-Fi in order to check the system’s issues. As of now over 100,000 Outlander cars have been sold.
The threat was identified by Munro of Pentest Partners when he was going to pick up his kids from school and observed an unusual Wi-Fi access point appearing on his smartphone’s list of available networks. He immediately got the hint that the Mitsubishi Outlander, which belong to his friend, is having issues as his friend showed him the car and the associated app as well as how to use the app to control various features of the vehicle. While speaking with the BBC, Munro stated that he was just playing with it and “soon realised it was vulnerable so I stopped.”
Later, Munro himself bought an Outlander and started examining the internal metrics of the car and how the vehicle communicates with other networks. Usually, car owners having vehicles that support web-based service which support applications for connecting to the network lock them remotely when not controlling them. To do this, commands are required to be sent to the car pass via the server’s prior to being addressed to the car through the mobile network. So, if the same command is replayed, it was possible to turn off the vehicle’s alarm.
But this isn’t the case with Mitsubishi cars as it lets apps talk to cars through an onboard Wi-Fi network but there are some underlying loopholes that make the network vulnerable. According to Munro, there is a distinct format for the access point’s name of the vehicle, which leads to the location of various Hybrid models of Mitsubishi because these are logged on websites which capture the names of their access points.
Munro stated in his blog post that “some were spotted while driving and others when parked at their owner’s house. A thief or hacker can therefore easily locate a car that is of interest to them.”
After identifying the flaws, Munro in collaboration with his Pen Test Partners’ security firm colleagues conducted a further investigation involving the use of popular techniques, which let them interpose between the owner and the car and observe the ensuing data flow. This access was then used to replay commands sent to an Outlander, which allowed them to enable lights flash and drain the battery’s charging by modifying the settings.
The revelations were “shocking” for the team as it was identified that the car’s alarm could also be turned off using this replay attack.
Watch the demo below
History of car hacks:
1 > Mitsubishi is not the only company feeling the burn from security flaws. It all started in 2015 when security researchers hacked onboard system of Jeep Cherokee and crash the vehicle into a ditch while sitting on their sofa about 10 miles away.
2 > The hackers behind the hacking of Jeep Cherokee also demonstrated how easy it is for attackers to hack US Police Department Vehicles and how one could infiltrate the car’s internal systems and make the operator of the car unable to shift the gear from park to drive. Then they can make the engine RPMs spike and the engine accelerates, without having any foot on the pedal.
3 > In October 2015, a silver Jaguar XFR parked in a parking lot in Auckland, New Zealand was stolen with the help of a hacking device that sends out a fake signal mirroring a wireless key.
HackRead did an extensive coverage of car hacks if you are interested in reading more just follow this link.