An Inside Look At The Mitsubishi Outlander Hack
White hat hacker finds WiFi flaws in mobile app for popular auto; Mitsubishi working on fix.
Already have an account?
It all started a few months ago when a friend of penetration tester and self-styled industry maverick Ken Munro bought a Mitsubishi Outlander.
Munro, who works for U.K.-based penetration testers Pen Test Partners, says a red flag went off for him when he looked over the plug in hybrid electric vehicle (PHEV) and found that the mobile application communicates via WiFi.
“With other high-end cars like BMWs or Mercedes Benz’s the mobile app communicates over GSM or, in the U.S., LTE 4G,” he says. “GSM and LTE are broadly much harder to hack than WiFi.”
Not long after he first saw the Outlander, Munro went out and bought a new Outlander and ran a man in the middle attack over the WiFi communications. Sure enough, he was able to hack in and disable the anti-theft alarm.
“I know this can be upsetting but keep in mind that this field didn’t exist three years ago,” Munro explains. “So to be fair to the car companies, they are working to fix the various flaws we find.”
Munro spoke with Dark Reading this week, sharing some behind-the-scenes information on the Outlander hack and tips for what people who bought the cars can do to protect themselves until Mitsubishi issues a fix, which Munro says the carmaker intends to do.
The following slides give you an idea of how Munro exposed the vulnerability in the Outlander:
About the Author
You May Also Like
A Cyber Pros' Guide to Navigating Emerging Privacy Regulation
Dec 10, 2024Identifying the Cybersecurity Metrics that Actually Matter
Dec 11, 2024The Current State of AI Adoption in Cybersecurity, Including its Opportunities
Dec 12, 2024Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024