Security experts have uncovered a vulnerability in the Mitsubishi Outlander that fraudsters could exploit to potentially steal the car.
The vulnerability was discovered in the Outlander’s Wi-Fi module, which can be manipulated to turn off the SUV’s alarm system, compromise car settings and drain its battery, according to the cybersecurity team at PenTestPartners.
“Once unlocked, there is potential for many more attacks,” the team said. “The onboard diagnostics port is accessible once the door is unlocked. Whilst we haven’t looked in detail at this, you may recall from a hack of some BMW vehicles which suggested that the OBD port could be used to code new keys for the car.”
It was found that the root of the problem lies in the rather unusual way the car connects to its mobile app. Instead of relying on the conventionally used GSM module, the car utilizes a Wi-Fi access point on the vehicle. So in order for a user to connect to the car, they must disconnect from any other Wi-Fi network and explicitly connect to the car’s access point.
From there, the user has access to various functionalities of the car. However, this means that a user needs to be within a pre-defined range to have access to the car, putting them at a disadvantage. The PenTestPartners team says this Wi-Fi module has been poorly implemented by the Japanese car maker.
“The Wi-Fi pre-shared key is written on a piece of paper included in the owners’ manual. The format is too simple and too short. We cracked it on a 4 x GPU (Graphic Processing Unit) cracking rig in less than 4 days. A much faster crack could be achieved with a cloud hosted service, or by buying more GPUs,” the team said.
The team was able to capture the handshake by utilizing public resources to find the required code and setting up a man-in-the-middle (MitM) attack. This enabled them to capture the data flow between the mobile app and the SUV. From there, they were able to compromise the car’s system through its onboard diagnostics port.
“Some were spotted while driving and others when parked at their owner’s house,” PenTestPartners researcher Ken Munro said. “A thief or hacker can therefore easily locate a car that is of interest to them.”
The researchers pointed out that a long-term fix to this problem would be to reengineer the car’s outdated Wi-Fi access point.
“This hacking is a first for us as no other has been reported anywhere else in the world,” Mitsubishi said in a statement.