Researchers at Pen Test Partners have wirelessly hacked the Mitsubishi Outlander Hybrid SUV, allowing the group to take control of the vehicle's electric charging and even switch off the alarm.
In a video posted online, a security researcher shows how easy it was for his team to crack the car's code and get into its internal systems. As a result, the car can be easily opened and stolen without a trace.
The major issue is Mitsubishi’s mobile app, which connects to a wireless access point inside the SUV and lets the owner set charging times, turn on the lights and air conditioning, and turn off alarms. To access the app, you need the SSID and password, which Munro claims is not enough security to deflect attackers, according to RW.
In tests, the team was able to break into the car within four days using a low-power cracking rig, which uses brute-force attacks to try every SSID and password combination until it breaks in.
The unnamed researcher said that with more powerful equipment, an attacker may be able to find the correct SSID and password within 24 hours.
“If I was a thief and I fancied your car, first of all because it’s a WiFi device I would geo-locate it using resources like WiGLE,” said the hacker.
“I [would then] find your car, crack your WiFi key, send the code required to disable the alarm from a laptop or a hacked mobile device, jimmy the door or smash your window, unlock your door, then access the OBD port inside, and I’ve potentially got the car.”