Maybe smart cars aren’t such a good idea after all.
Security researchers have found a vulnerability in yet another connected vehicle. In the latest case, experts discovered a security hole in Mitsubishi’s Outlander plug-in electric vehicle that would allow a hacker to run down its battery or disable its alarm system. That could allow the hacker to unlock the car unnoticed, which could provide access to the car’s critical systems through its diagnostics port.
“Once unlocked, there is potential for many more attacks,” Ken Munro, a security consultant with Pen Test Partners in the United Kingdom, told the BBC.
The Outlander’s security flaw is related to how users connect to it. Most smart cars include a cellular radio that allows users to connect to them anywhere they have a signal on their phones.
Instead of a cellular radio, the Outlander only has a WiFi radio. Users connect to it just like they would to a regular WiFi hotspot, which means they can only communicate with the vehicle when they are within range of its radio.
Munro and his colleagues found that the encryption key used to secure the connection between users’ phones and the Outlander’s WiFi radio was weak and easy to crack. That made it easy for them to listen in on transmissions made between users and the vehicle, allowing them to discover and replay commands sent by the app to turn on and off its headlights and its air conditioning and heating system. They also were able to disarm its alarm.
After initially ignoring Pen Test Partners, Mitsubishi has since engaged with them and is now working on a fix to the problem. In the meantime, the security firm advises Outlander owners to unpair any and all devices that they’ve used to connect with the car’s WiFi radio. That will put the radio to sleep, effectively disabling it.
The Outlander is only the latest connected car for which a security vulnerability has been discovered. Last summer, researchers discovered a security hole in Chrysler’s Jeep Cherokee that would allow a hacker to disable the brakes and take control of the steering. Over the last year, security experts have also discovered holes in GM’s OnStar connected car service, Tesla’s Model S and Nissan’s Leaf.
Center console display inside the 2017 Mitsubishi Outlander PHEV. (Courtesy of Mitsubishi)
The post Mitsubishi Outlander security flaw discovered appeared first on SiliconBeat.
