
Mitsubishi connected car hacked through mobile app

News: Ethical hackers take control of lights, heating and alarm through the car's wi-fi connection.

By Alexander Sword

Hackers have found a way to hack into a Mitsubishi vehicle in another worrying demonstration of the vulnerabilities affecting connected cars.

Pen Test Partners found that the Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV) could be hacked into because of the wi-fi connection it uses to pair with mobile devices.

Rather than using a GSM module that would allow it to connect directly to cellular services such as 3G and 4G, the car features a wi-fi access point which a mobile device can connect through.

This creates certain security problems; for one thing, Pen Test Partners found that the access key could easily be cracked as it is "too simple and too short".

To hack the car, the firm used this code and captured the handshake between one of the mobile devices and the car. The handshake is the automatic negotiation between the device and the server that sets the configuration and parameters for the communication channel. It could be captured by forcing the paired mobile device to disconnect from its normal wi-fi connection so that it would automatically connect to the car.

Once connected, the hackers were able to turn the car’s lights on and off and interfere with the car’s charging programme, which could force the car to charge using premium rate electricity. They also managed to turn the air conditioning and heating on and off to order.

Finally, they managed to turn off the car alarm.

The hack demonstrates the security dilemma thrown up by connecting vehicles to the internet.

Pen Test Partners said that as a short-term fix, car owners needed to unpair all mobile devices that have been connected to the car’s access point.

In the medium term, Pen Test Partners said that Mitsubishi should deploy new firmware to fix this problem. In the longer term, the firm said Mitsubishi should completely re-engineer the connection method.

Pen Test Partners said that attempts to alert Mitsubishi had been greeted with a lack of interest until the BBC became involved.
