Wi-Fi hack disables Mitsubishi Outlander's theft alarm – white hats

Security weaknesses in the set-up of Mitsubishi Outlander leave the hybrid car exposed to hack attacks – including the potential for crooks to disable theft alarms. The Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV) is a top-selling family hybrid SUV. More than 100,000 of them have been sold worldwide, around 22, …

Silver badge

Didn't they later...

After changing the keys to the funky slim rod type things had an issue where half a tennis ball struck hard would pop the lock with ease. Explains why Escort Cosworths were so easy to drive off.

5
1
Unhappy

Re: Didn't they later...

True. So all we have to do is put up with 30 years of easily steal-able internet connected locks and we'll be back to what we finally achieved a few years ago, where the only way to steal the car was to gain access to the physical key.

3
0
Silver badge
Happy

A mate of mine once forgot where he had parked his car and drove off in the wrong BMW 3 series ... it did not surprise him that there was a box of lager in the trunk when he filled it with the shopping, he just thought it was the missus ... when he got home, he noticed his laptop bag was not in the trunk ... after he had gotten all the shopping out ... went back to the supermarket, reported what had happened ... half an hour later, another punter called the supermarket ... and problem solved ... red faces etc this was the 90's.

3
0
Silver badge
FAIL

Re: Didn't they later...

"tennis ball struck hard would pop the lock"

Wrong.

0
0
Anonymous Coward

manufacturer fail...

"it should be noted that without the remote control device, the car cannot be started and driven away."

FAIL. That is precisely what the man-in-the-middle attack demonstrates!

This complete lack of understanding of the new world that vehicle manufacturers are venturing into, is the reason why I'm sticking to old-school 'dumb' vehicles.

The best anti-theft device I've ever seen was fitted by a mate of mine to his old Triumph Dolomite Sprint. He placed a toggle switch in a discreet location, which disabled the car's electric fuel pump. Sure the car might get nicked, given the trivial ease by which you can get into these old cars, but it wouldn't get further than a 100 metres down the road even if hotwired.

9
0
Silver badge

Re: manufacturer fail...

My old man did the same to his G-wagon, though he went over the top as usual. Fuel pump cut off, ignition cut off add in different places and a dash mounted engine cut off that triggered the alarm if the other two weren't turned on first.

You just had to remember to turn everything off again when you parked up... (he is a sparky so he doesn't do things by halves)

3
0
Silver badge

Re: manufacturer fail...

My old Holden LJ Torana came with a kill switch hidden under the dashboard. If you didn't turn it off, there was nothing you could do to get the car up and running. Admittedly, no doubt professional thieving sods of the time knew exactly where to look for the kill switches, but these days a kill switch would be highly effective I imagine...

5
0
Anonymous Coward

Re: manufacturer fail...

Many Austins / Rovers (e.g. Montego) had a little fuel pump switch behind the centre console to cut off automatically in the event of an impact. Pull it up, kill pump. Push it down, power restored.

Granted, if you were nicking one, there was a good chance it would break down or a body part would fall off within a mile anyway, but that's a different story.

8
0
Silver badge

Re: manufacturer fail...

Let's be honest now, if you were stealing one, you'd generally be doing the owner a favour. (My granddad had a Montego.... came with a free pack of cigs. Spray painted under the spare tyre. Boy could he pick them... he also left it on the estate he lived unlocked for a week to see if it would get stolen. Didn't move an inch all week)

4
0
Silver badge

The title is too long

"This means that drivers can only communicate with the car from within Wi-Fi range, a huge disadvantage."

The exact opposite actually. There's absolutely no reason you could ever need to fuck around with your car from the other side of the country, while having a short range connection means that no-one else can fuck around with it from there either. In addition, it doesn't matter what distance from your car you might be if you don't have a phone signal, while pretty much the only reason wi-fi could fail is if your battery dies, which would obviously affect GSM just as much.

"Once unlocked, there is potential for many more attacks against the car."

No shit. Having full physical access to a car allows you to do stuff to it. There don't need to be any computers or wi-fi shenanigans involved for that to be the case.

14
0
Anonymous Coward

I agree with all the complainers about vehicle insecurity systems, but I suspect the majority of you have a smartphone, smart TV, or even house alarm system, which is much more cause for concern than this particular car.

0
7
Black Helicopters

Call me the vocal minority...

I have NONE OF THE ABOVE! ;<}

6
0
WTF?

Only a smart phone and that doesn't cost £40K.

5
0

Japanese just don't do software, look at SONY.

Look at what you get with Japanese cameras and scanners.

0
2
Anonymous Coward

Eh? What are you on about?

0
0
Silver badge
Coffee/keyboard

'Cos HP's printer and scanner software is amazing...

5
0

RE: 'Cos HP's printer and scanner software is amazing...

Their wireless hardware is outstanding too. When my neighbours plugged in their new printer, my laptop could 'see' the AP.

I live in a rural location. My neighbours are 250m away across the fields.

(Unfortunately, they must have opted for a wired connection and disabled the wifi. Otherwise, their printer might have become haunted...)

1
0
Silver badge

Re: RE: 'Cos HP's printer and scanner software is amazing...

Way back when I was a kid the people across the road from us had the same TV as us rented from the same company. The remote control range was amazing, and they had their TV replaced twice before they changed to a different TV. We haunted their TV like crazy, and I don't think they ever worked out that the TV didn't give problems when the curtains were closed.

0
0

Oh well now I know what those 5 entries in the SSIDs logs are, I was surprised that there are so many Mitsubishi WiFi access points roaming past my house

Along with the Skoda, Vauxhall, Ford, Porsche, Audi, Mercedes and BMW.

3
0
Silver badge

SSID: ThisisntJustAnyWifiAPThisIsaMarksandSpencersLovely84GhzWifiMadeFrom

VirginsTitsAndFlangeBatter

2
0

A Mitsubishi Outlander has the strongest possible anti-theft safeguard

It's a Mitsubishi Outlander

5
2

Re: A Mitsubishi Outlander has the strongest possible anti-theft safeguard

Down-voted by Outlander owners? One of the few perks of ownership

3
0
Silver badge

Re: A Mitsubishi Outlander has the strongest possible anti-theft safeguard

if you get the one with the electric heater, it eats all the battery all the time....the 3h i believe...

nearly bought a phev..did a lot of research. 4h doesn't have that heater problem, although the salesman didn't tell me that. quite liked it actually. and, contrary to previous posts, it's pretty quick off the line (for a big heavy thing...i have a z4 and an xtrail. it's somewhere in between...more to the xtrail end of the spectrum admittedly). spacious, great if you are doing under 30 miles a day. you can get a recharge port installed for almost nothing due to grants (or you could) at your home. if you have solar panels as well, you are on a winner.

just didn't think it was quite the right time to invest in the tech...a few more years....

hopefully tesla will do a model t ford and blow the market to bits in the near future. one of my cousins has a tesla....wow, it's a great piece of tech..amazing actually, but let the first adopters adopt..those with the very deep pockets....and things will change

0
0

Nope

To be fair these things are so slow you could probably run and catch it before they drove it away.

This is why I don't want external connectivity of this kind.

I have a W204 C class Merc, internally there is a lot of computerisation, the cruise talks to the engine and brake system, the Comand talks to the instrument cluster, there's brake assist and auto lights and wipers and seat belt tensioners and all sorts of bollocks.

But the only way to talk to the internal computerisation is via a physical port. And that's the way I like it.

5
0
Anonymous Coward

Re: Nope

I wouldn't polish the Mercedes halo too much. There are multiple problems with Merc software also with some Mercs sharing the Jeep Cherokee (formerly Daimler-Chrysler) system. On a simple functional level an Italian journalist reported an incident a couple of years ago where a Merc system crash caused his diesel engined C-class to stop on the autostrada. This seems to have been an isolated incident but don't imagine that air gapped means invulnerable.

0
0
Pint

Re: Nope

Indeed but a Distributor Cap failure (don't ask) caused me to end up stranded on the outside lane of a motorway (the go faster one), it's not just the IT that can cause problems. No joke.

A beer because that's what I needed afterwards, several beers in fact.

0
0
Silver badge

Re: Nope

i'm asking. a dizzy? are you from the past?

0
0
Silver badge

Re: Nope

had the accelerator cable on my westfield snap whilst doing an overtaking manoeuvre. admittedly, i'd built the fucking thing, so my fault...but i share your pain there

0
0
Silver badge

I run an Outlander PHEV

The phone app has the following capabilities:

Shows the state of battery charging - I use this a lot

Turn heating on/off - very useful on cold mornings to warm the car before setting off

Turn on headlights - possibly useful if it's night in a big car park and you've forgotten where it is, but I've never used it

Timers - for automatically charging the car at a set time, don't use this

Change car settings - which includes the alarm function.

As Mitsubishi state, you can disable the car alarm, but if you want to drive it away, you'll need a key. I can't say this is my greatest concern.

7
2
Happy

Re: I run an Outlander PHEV

I own one as well.

My wife could not make a good case for actually needing any of the Wi-Fi functions, so they stayed disabled.

I bought her a new coat so that she doesn't need to turn the car heating on in the winter. Sorted!

Very happy with the car. 26 mile trips on battery only (in the summer, as lights, wipers and wet roads mean I can only get 24 miles on the charge.) Silently pulling the caravan off muddy fields with the 4WD gets many looks of admiration. Enough room to carry 2.4m lengths of wood in the car. Only downside is that it's too long to fit in the garage unless I take my racking down (not going to happen!)

5
0
Silver badge

Re: I run an Outlander PHEV

"drive it away" is optional once you're inside the car with all the time in the world. Hell, you could just release the brake and tow it late at night, who's going to know?

1
0
Anonymous Coward

Re: I run an Outlander PHEV

Same here with my Outlander.

I played with the WiFi when I first got it but got fed up with my phone connecting to it rather than my house wifi (and thus no internet connection) so I disabled the WiFi in the car.

As the car can't be driven away by someone using this hack then I am not too worried.

The stupid Chrysler that I'm driving (rental) has two effing wifi points. One in the front and one in the back for the kids. They are both 3G connected but the SIM's thankfully didn't work unless I opted to pay the extra for Internet Radio.

Naturally there was no owners manual in the glovebox so I had to find a dealer in order to work out how to disable it. The dealer was surprised by this because the WiFi hotspots were a top selling point.

American families seem to have little or no brain apparently.

4
0
Silver badge

@Lee

The Outlander has an electronic handbrake (a parking brake like most automatics), so you still need a key. To be fair, once you're inside, you can (like most cars) gain access to the various buses that provide computer management of the car, so it's possible you could override it, but I think joyriders would probably look for an easier target.

@David, yes my experience is similar. When buying any EV, it's vital to understand how your driving patterns fit with the car, but if you do a lot of trips <20 miles, you can get >>100 mpg. Even adding the cost of a recharge (about £1, so equivalent to a litre of petrol) I still average over 70 mpg, which is pretty amazing for a 2 ton petrol-engined 4WD SUV. If you spend most of your time cruising motorways, consumption will be a lot worse, of course.

1
0

This post has been deleted by its author

Silver badge

Re: I run an Outlander PHEV

2 wifi ap's inside a car? how shit is each one???

0
0
AOD
FAIL

Yet another kind of drive-by

The only way that this will get the focus it deserves is if customers and insurers react in the same way as back in the 80's when hot hatch nicking was at its peak. One of the results of that was Thatcham which slowly dragged (UK) car security (and manufacturers) into the (then) current century.

Once insurers started pushing premiums to eye watering levels, customers sat up and took notice, as did car manufacturers when their sales started going through the floor.

It took a while but before long, certain brands started including Thatcham alarm/immobilisers as standard fit items rather than as options.

Thatcham need to take a similar view on automotive cybersecurity as well with either an equivalent to Cat 1 or even better, make it part of the Cat 1 certification.

6
0
Silver badge

Re: Yet another kind of drive-by

What we really need is for manufacturers to realise that we own cars for more than a couple of years. As such all of this software related trickery is going to age and fail, badly (seriously, how long before some car has a serious issue with the 'int' limit?). It's also becoming more and more obvious that once someone figures out how to crack open a certain car, if it's desirable then it'll end up in the hands of crims before you can say 'taken without consent', so ignoring the issue is going to bite the manufacturers in the arse, then the face.... then the wallet.

As such I'd like the makers to start offering us cars without all of the trickery for getting into the car and instead rely on tried and trusted methods....like maybe something physical, made of hard wearing metal....oooo I dunno, about an inch and 'alf to two inches long? That's maybe, just maybe made for our car and our car alone? It shouldn't do anything funny like open the car before physical contact or use radio waves for anything other than to receive and play through the stereo. Is this too much to ask?

This way, least the little.....people of questionable parentage have to at least work for it rather than just stroll up and drive off.

2
0
Silver badge
WTF?

This hacking is a first for us as none other has been reported anywhere else in the world.

"This hacking is a first for us as none other has been reported anywhere else in the world.", Mitsubishi 2016.

Do we really have to go through all this "we've never had to deal with this before" BS for every new device some company wants to plug up to the internet? I hate asking the government (any of them) to get involved in my life but at this point I would absolutely support someone that wanted to fine or put in jail programmers who fail to implement well known precautions against hacking attempts.

This is just bonkers.

4
0
Silver badge
Unhappy

Re: This hacking is a first for us as none other has been reported anywhere else in the world.

On the bright side, at least the access key isn't "password" or "1234".

1
0
Facepalm

Hmm to avoid all this kind of widgetry my next car's going to be Korean.

North Korean.

1
0
Trollface

North Korean Cars

Oh, it will have all the electronics that a Japanese car will, they just won't work.

0
0
Silver badge

Re: North Korean Cars

It's also possible to avoid all electronic security woes by buying an Italian car. Yes it will be loaded with electronic nonsense but you won't want to use any of it because the functionality will be dreadful, on the rare occasions when it works, most of the time it just won't work.

0
0
Silver badge

Just in time for Infosec 2016

Nice marketing Ken !

Seriously though, take a look at their videos on YouTube. Last year was quite entertaining and food for thought. Scales, Kayla and WiFi CCTV hacking if I recall.

Not that your marketing tricks work on me.

.. Oh, hang on ... damn.

I'm not affiliated to PTP, but I can see a capable bunch of Chaps!

1
0
Silver badge

Re: Just in time for Infosec 2016

... and the iKettle and some "smart" TVs. Ken and his gang have been very busy and also very entertaining.

1
0
Silver badge

Could be worse

Give me WiFi any day. VW's Car-Net is Verizon cellular and can't be disabled without taking the dashboard apart. It costs $18/month if you somehow find a use for it.

1
0
Silver badge

Obligatory Knight Rider reference

https://youtu.be/kki3MjmGtY0?t=226

1
0

Additional Security Measure

Surely the white hats have missed the additional security measure that Mitsubishi have implemented here: They have gone to the trouble of creating a car that no-one in their right mind would want to steal, let alone have to invest 4 days brute-force hacking in order to do so.

1
1
Silver badge

Well at last I can comment

Ken gave an excellent talk at the Cyber Security Professionals event in York this year. Those of us with an interest in the IoT were subject to a verbal NDA about the issues described here and some deeper details of the vulnerabilities which give me greater cause for concern.

The response from Mitsubishi "This hacking is a first for us as none other has been reported anywhere else in the world." also causes concern. I can't believe that a large corporation imagines that this is a sensible response to a notification that their vehicle security is this poor.

Sadly the same response has been made to me over the last two years by several companies. One vendor tried to avoid fixing a vulnerability that would auto-execute code uploaded to their web application using exactly the same excuse. I'm not sure what the implication is supposed to be "No one else noticed it, so you are telling lies"? It's similar to the denials made by TalkTalk about being hacked.

Here's a clue to the sales droids and the heads of companies that receive notifications similar to this one. The appropriate and non-damaging response is to thank whoever brought this to their attention, to state that the company takes this matter seriously, that the company will immediately seek independent confirmation of the discovery and, if possible, customers should take the following steps [...] to avoid issues until the company can issue a fix. Don't try to cover it up and claim it's a non-issue. That makes the company look like shifty idiots who don't care about their customers.

0
0
Silver badge
Joke

Re: Well at last I can comment

Oh, I'm sure they'll realize soon enough there's an extremely simple fix that mitigates all possible security concerns comprehensively and fully: just stop broadcasting the WiFi SSID....

1
0
