We have kept abreast of the security vulnerabilities of cars that have been exposed by various security researchers [view recent posts here, here and here]. This time, researchers are asking Mitsubishi to recall approximately 100,000 Outlander hybrid vehicles as they were able to hack into the security of the car and remotely turn on and off the alarm system, air conditioning and heating controls, change the program to charge the battery (and essentially drain it) and control the lights.
It all started when one of the researchers’ friends’ Outlander showed up as a Wi-Fi access point on the researcher’s phone. He was curious, so he bought an Outlander and started hacking away.
His research found that the Outlander uses wifi to connect the car directly with its owner’s smartphone, instead of a more secure web-based services that uses a GSM module. According to the researcher, this is less secure and allowed the researcher to disable the alarm and open the door. The rest of the vulnerabilities were discovered, including his ability to easily geolocate the car.
He is calling for Mitsubishi to recall the Outlander and re-engineer the system. Mitsubishi is working to diligently investigate the problem.