Cyber security researcher Ken Munro of Pen Test Partners has revealed security flaws in the Mitsubishi Outlander PHEV, including the ability to disable the anti-theft alarm from a laptop.
Pen Test Partners say they found the way the Outlander connected through the mobile application unusual. While the majority of remote control apps connect through a web service (cloud), the Outlander PHEV does it differently, but not better.
The loophole could mean thieves who exploit the bugs gain time to break into and steal a vehicle. The vulnerability can also be used to fiddle with some of the car’s settings and drain its battery.
The Outlander PHEV is the latest in a series of cars that have been found wanting when it comes to security. Chrysler’s 2014 Jeep Cherokee, the Tesla Model S and the Nissan Leaf have all been shown to be vulnerable to hack attacks of different degrees of severity.
Mitsubishi recommended that users turn off the onboard wi-fi via the “cancel VIN Registration” option on the app or by using the remote app cancellation procedure.
A longer-term fix would require some action from Mitsubishi, said Mr Munro.
“New firmware should be deployed urgently to fix this problem properly, so the mobile app can still be used,” he said.
You can find much more information in the blog post on Pen Test Partners’ site.