Security expert buys a Mitsubishi Outlander Hybrid to confirm Wi-Fi vulnerability

2016 Mitsubishi Outlander Sport
Connected car security concerns have become and will continue to be “a thing.” The latest issue, and one that deserves immediate notice, is about the Mitsubishi Outlander Hybrid SUV. A British security expert discovered a vulnerability in the Outlander’s onboard Wi-Fi almost by accident while waiting to pick up his kids after school, according to BBC News. As a result of his report and a demo to Mitsubishi, the company has advised owners to disable Wi-Fi in their vehicles until it figures out a fix.

Ken Munro was in his car when he noticed a Wi-Fi access point from a friend’s nearby Outlander. When Munro asked about it his friend explained how the system worked and what he could do with it from his cell phone. Munro tried the app and quickly found a troublesome vulnerability. So he got out of the app immediately.

What Munro did next isn’t what you would likely do, but he promptly bought an Outlander and took it to his company to check out the problem. What may seem like an overly cautious (not to mention expensive) reaction to a Wi-Fi weakness resulted in the manufacturer acknowledging the potential problem and recommending owners stop using Wi-Fi by de-registering their access points.

The issue Munro found was that remote commands sent to the Outlander go directly to the car’s access point, not through a third-party web server, which is the practice with most carmakers. Second, the access point name was distinct and could easily end up on websites that collect and display nearby access points. Munro and his colleagues used unnamed but “well-known techniques that let the researchers interpose themselves between car and owner and watch data as it flowed between the two.”

With access to the car’s system, anyone could flash the lights, drain the battery, and change other settings. The most disturbing finding, however, was the ability to disable the car’s alarm system. This could give thieves a chance to break in to steal the car’s contents, components, and possibly even the car itself.

Related: Driverless cars could be used for assassination, says Attorney General

“This hacking,” Mitsubishi acknowledged in a statement released to BBC News, “is a first for us as no other has been reported anywhere else in the world.” Mitsubishi recommended owners cancel the access point VIN registration via the smartphone app or with the car’s remote.

If you own a Mitsubishi Outlander Hybrid, there are three steps to be followed in order to delete the VIN registration. First, turn on the hazard lights. Second, within 30 seconds, and with the doors closed, press the Lock/Unlock button on the remote 10 times. That will put you in registration delete mode. Wait for the beeping to stop — if the system is registered there will be one beep with an additional beep for each device registered with the access point, so just wait. Then, within 5 minutes, and again with the doors closed and using the car remote, press the Lock/Unlock button 20 times. Those steps will de-register your car’s Wi-Fi system. Then wait until you get word that it’s OK to register it again after Mitsubishi figures out a solution.

This hasn’t been a great year for Mitsubishi with its admission of fuel economy test cheating and resulting slower sales. Hopefully, the company can resolve the Wi-Fi security issue quickly.

Product Review

August and Yale’s first lock brings looks, smarts, and a split personality

The first fruit of Yale’s acquisition of August, this enhanced Assure Lock SL Touchscreen Deadbolt is a definite upgrade on last year’s model, adding style and versatility to home security. Read our full review to learn more.
Movies & TV

'Prime'-time TV: Here are the best shows on Amazon Prime right now

There's more to Amazon Prime than free two-day shipping, including access to a number of phenomenal shows at no extra cost. To make the sifting easier, here are our favorite shows currently streaming on Amazon Prime.
Home Theater

The best movies on Netflix in November, from 'The Witch’ to ‘Dracula’

Save yourself from hours wasted scrolling through Netflix's massive library by checking out our picks for the streamer's best movies available right now, whether you're into explosive action, witty humor, or anything else.

Common Chrome OS problems, and how to fix them

Is something irking you about Chrome OS? Find your problem on our list of bugs, issues, and general complaints about the OS, along with easy solutions to any issues that might arise.

Camaro vs. Mustang: Differences and similarities between two premier pony cars

The Chevrolet Camaro and the Ford Mustang are two of America's favorite sports cars. In this comparison piece, we highlight the main differences between the two machines when it comes to their design and performance, among other factors.

Roborace wants human drivers and machines to work together

Roborace believes the future of racing is autonomous, but it's keeping human drivers in the picture for now. For its first race season, Roborace will use a car called DevBot 2.0 that can be driven by humans or machines.
Emerging Tech

Awesome Tech You Can’t Buy Yet: 1-handed drone control, a pot that stirs itself

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!

Tesla raises prices and simplifies options on Model S and Model X

Tesla is making changes to its offerings of the Model S and Model X. The lower-range 75D models will increase in price, while the higher-range 100D models will decrease in price.

Tesla brings track mode to Model 3 Performance

The new Track Mode introduced for the Tesla 3 Performance model adds stability to the drive while you're behind the wheel and is specifically designed for driving on closed track courses.

Jaguar’s rally-ready F-Type roadster is happiest off the pavement

Jaguar is celebrating the XK120's 70th birthday by turning the F-Type roadster into a rally warrior. Built to FIA specifications, the model receives suspension and braking upgrades plus a full roll cage to protect the occupants.

Lyft’s new rewards program promises ride discounts and comfier cars

If you're always hopping in and out of a Lyft car, then you'll be pleased to hear that the ridesharing service is about to launch a rewards program. Perks include discounts on future trips and upgrades to comfier cars.

Study suggests autonomous cars could become red-light districts on wheels

Fully autonomous cars can change the way we commute, but they can also have a far-reaching impact on the tourism industry. Two researchers published a study that outlines how self-driving technology could create a new dimension in tourism.

VW will use Siri as the designated driver for its connected car party

Volkswagen of America added Apple's Siri to help drivers control and interact with their cars. Owners can customize voice commands to tell Siri to change access settings such as interior climate, vehicle lock status, and fuel checks.

Meet the born-again Ford Bronco that will soothe your ’90s nostalgia

Ford has confirmed it will bring the Bronco back to American showrooms in a few short years. While it's still very much a work in progress, this is what we expect from the Blue Oval's born-again off-roader.