The Mitsubishi Outlander remains one of the most inexpensive and widely sold SUVs in global markets with more than 100,000 of them sold worldwide. But this cash cow has now become the latest cause for concern for the Japanese car maker.
On Monday, researchers revealed vulnerabilities in the Outlander’s Wi-Fi console exposed, which could allow cyber attackers to switch off the cars alarms before potentially stealing the vehicle.
Ken Munro of PenTestPartners, the security firm that exposed the vulnerability, has explained the hack on the company website.
The Mitsubishi Outlander has an app which allows users to control certain features of the cars, and check the status of the car through the app using WiFi. As it turns out, the connection over WiFi isn’t too secure.
The security team at PenTestPartners was able to crack the preset password on their Mitsubishi Outlander, hacking the system and performing a number of tasks that requires a properly-authenticated app to execute, including activating the climate control system, changing the charging schedule for the plug-in battery system, and turning off the anti-theft alarm.
As anyone can tell, the last one has more sinister implications than the others. The only silver lining being that the team at PenTestPartners couldn’t actually unlock the car, which would have been really bad news for the Japanese car maker.
Mitsubishi in an official statement has informed users that “this hacking is a first for us as no other has been reported anywhere else in the world,” and the company is “taking the matter seriously.”
While the company investigates the security flaw, the automaker has recommended that Outlander owners disable their onboard Wi-FI through the car’s app by selecting “Cancel VIN Registration” or through the remote app cancellation process, rendering the mobile app useless but acting as a short-term fix for the security flaw.