Skip to main content
  1. Home
  2. Cars
  3. News

Security expert buys a Mitsubishi Outlander Hybrid to confirm Wi-Fi vulnerability

Bruce Brown
By

2016 Mitsubishi Outlander Sport
Image used with permission by copyright holder
Connected car security concerns have become and will continue to be “a thing.” The latest issue, and one that deserves immediate notice, is about the Mitsubishi Outlander Hybrid SUV. A British security expert discovered a vulnerability in the Outlander’s onboard Wi-Fi almost by accident while waiting to pick up his kids after school, according to BBC News. As a result of his report and a demo to Mitsubishi, the company has advised owners to disable Wi-Fi in their vehicles until it figures out a fix.

Ken Munro was in his car when he noticed a Wi-Fi access point from a friend’s nearby Outlander. When Munro asked about it his friend explained how the system worked and what he could do with it from his cell phone. Munro tried the app and quickly found a troublesome vulnerability. So he got out of the app immediately.

Recommended Videos

What Munro did next isn’t what you would likely do, but he promptly bought an Outlander and took it to his company to check out the problem. What may seem like an overly cautious (not to mention expensive) reaction to a Wi-Fi weakness resulted in the manufacturer acknowledging the potential problem and recommending owners stop using Wi-Fi by de-registering their access points.

Related

The issue Munro found was that remote commands sent to the Outlander go directly to the car’s access point, not through a third-party web server, which is the practice with most carmakers. Second, the access point name was distinct and could easily end up on websites that collect and display nearby access points. Munro and his colleagues used unnamed but “well-known techniques that let the researchers interpose themselves between car and owner and watch data as it flowed between the two.”

With access to the car’s system, anyone could flash the lights, drain the battery, and change other settings. The most disturbing finding, however, was the ability to disable the car’s alarm system. This could give thieves a chance to break in to steal the car’s contents, components, and possibly even the car itself.

Related: Driverless cars could be used for assassination, says Attorney General

“This hacking,” Mitsubishi acknowledged in a statement released to BBC News, “is a first for us as no other has been reported anywhere else in the world.” Mitsubishi recommended owners cancel the access point VIN registration via the smartphone app or with the car’s remote.

If you own a Mitsubishi Outlander Hybrid, there are three steps to be followed in order to delete the VIN registration. First, turn on the hazard lights. Second, within 30 seconds, and with the doors closed, press the Lock/Unlock button on the remote 10 times. That will put you in registration delete mode. Wait for the beeping to stop — if the system is registered there will be one beep with an additional beep for each device registered with the access point, so just wait. Then, within 5 minutes, and again with the doors closed and using the car remote, press the Lock/Unlock button 20 times. Those steps will de-register your car’s Wi-Fi system. Then wait until you get word that it’s OK to register it again after Mitsubishi figures out a solution.

This hasn’t been a great year for Mitsubishi with its admission of fuel economy test cheating and resulting slower sales. Hopefully, the company can resolve the Wi-Fi security issue quickly.

Editors' Recommendations

Topics
Bruce Brown
Bruce Brown
Contributing Editor
Digital Trends Contributing Editor Bruce Brown is a member of the Smart Homes and Commerce teams. Bruce uses smart devices…
Mercedes-Benz EQG: range, price, release date, and more
Concept image of the larger electric G-Wagon

The G-Class is going electric. We already knew that Mercedes-Benz was working on an electric, small-size G-Wagon, but it looks like the company is also working on a larger G-Class SUV, in the form of the EQG. In fact, Mercedes has gone as far as to show off a concept version of the off-roader.

While there's much we don't know about what will become the production model of the EQG, Mercedes has also shared a lot about it. Curious about whether the Mercedes-Benz EQG could be the EV for you? Here's everything we know so far.
Design
Fear not -- the EQG will retain many of the design aspects of the G-Class that you already know and love but with a modern face-lift. The EQG will keep the boxy design that gives the G-Class a classic look but with some additional modern styling, at least if the concept version is anything to go by.

Read more
Rivian R2 vs. Kia EV9: battle of affordable electric SUVs
Kia EV9 GT-Line Three Quarters

The long-awaited Rivian R2 has finally been announced, and it's an excellent option for those who want an electric SUV that doesn't completely break the bank. Sure, the R2 isn't cheap -- but it's a whole lot cheaper than most other EVs out there, especially when it comes to SUVs. But Rivian isn't the only company trying to tackle the problem of the budget electric SUV. The Kia EV9 is finally available, and it too offers a modern design and a range of helpful features.

Given the fact that the Rivian R2 and Kia EV9 are two electric SUVs in a similar price range, you might be wondering which is better for your needs. That's why we put the Rivian R2 and the Kia EV9 head-to-head.
Design
Both the Rivian R2 and the Kia EV9 are actual SUVs -- not crossovers pretending to be SUVs, like plenty of other EVs out there. The two vehicles offer big, boxy designs and plenty of interior space, making them excellent options for families or those who need that extra storage.

Read more
Rivian R2 vs R1S: How will Rivian’s cheaper SUV compare?
The front three-quarter view of a 2022 Rivian against a rocky backdrop.

Rivian has finally unveiled the R2, its long-awaited attempt at a more affordable electric SUV. The new vehicle may not be available just yet, but fans of Rivian's design aesthetics and feature set are already looking forward to being able to order the new car. The R2 is targeted at being a more affordable take on the electric SUV and will sit alongside the flagship-tier R1S.

Let's get this out of the way right now: The R1S is most likely going to be a better vehicle than the R2. Rivian isn't replacing the R1S with the R2 — it's releasing the R2 as a more affordable alternative, and there will be some compromises when buying the R2 over the R1S.

Read more