Skip to main content
  1. Home
  2. Cars
  3. News

Security expert buys a Mitsubishi Outlander Hybrid to confirm Wi-Fi vulnerability

Bruce Brown
By

2016 Mitsubishi Outlander Sport
Image used with permission by copyright holder
Connected car security concerns have become and will continue to be “a thing.” The latest issue, and one that deserves immediate notice, is about the Mitsubishi Outlander Hybrid SUV. A British security expert discovered a vulnerability in the Outlander’s onboard Wi-Fi almost by accident while waiting to pick up his kids after school, according to BBC News. As a result of his report and a demo to Mitsubishi, the company has advised owners to disable Wi-Fi in their vehicles until it figures out a fix.

Ken Munro was in his car when he noticed a Wi-Fi access point from a friend’s nearby Outlander. When Munro asked about it his friend explained how the system worked and what he could do with it from his cell phone. Munro tried the app and quickly found a troublesome vulnerability. So he got out of the app immediately.

Recommended Videos

What Munro did next isn’t what you would likely do, but he promptly bought an Outlander and took it to his company to check out the problem. What may seem like an overly cautious (not to mention expensive) reaction to a Wi-Fi weakness resulted in the manufacturer acknowledging the potential problem and recommending owners stop using Wi-Fi by de-registering their access points.

Related

The issue Munro found was that remote commands sent to the Outlander go directly to the car’s access point, not through a third-party web server, which is the practice with most carmakers. Second, the access point name was distinct and could easily end up on websites that collect and display nearby access points. Munro and his colleagues used unnamed but “well-known techniques that let the researchers interpose themselves between car and owner and watch data as it flowed between the two.”

With access to the car’s system, anyone could flash the lights, drain the battery, and change other settings. The most disturbing finding, however, was the ability to disable the car’s alarm system. This could give thieves a chance to break in to steal the car’s contents, components, and possibly even the car itself.

Related: Driverless cars could be used for assassination, says Attorney General

“This hacking,” Mitsubishi acknowledged in a statement released to BBC News, “is a first for us as no other has been reported anywhere else in the world.” Mitsubishi recommended owners cancel the access point VIN registration via the smartphone app or with the car’s remote.

If you own a Mitsubishi Outlander Hybrid, there are three steps to be followed in order to delete the VIN registration. First, turn on the hazard lights. Second, within 30 seconds, and with the doors closed, press the Lock/Unlock button on the remote 10 times. That will put you in registration delete mode. Wait for the beeping to stop — if the system is registered there will be one beep with an additional beep for each device registered with the access point, so just wait. Then, within 5 minutes, and again with the doors closed and using the car remote, press the Lock/Unlock button 20 times. Those steps will de-register your car’s Wi-Fi system. Then wait until you get word that it’s OK to register it again after Mitsubishi figures out a solution.

This hasn’t been a great year for Mitsubishi with its admission of fuel economy test cheating and resulting slower sales. Hopefully, the company can resolve the Wi-Fi security issue quickly.

Editors' Recommendations

Topics
Bruce Brown
Bruce Brown
Contributing Editor
Digital Trends Contributing Editor Bruce Brown is a member of the Smart Homes and Commerce teams. Bruce uses smart devices…
2025 Mercedes-Benz EQS sedan gets new face, bigger battery
2025 Mercedes-Benz EQS sedan front-quarter view.

The Mercedes-Benz EQS sedan arrived during the 2022 model year as the flagship of Mercedes' EV fleet. But now that it's been on sale for a few years, it's time for this flagship to get a refit so that it can stay competitive with other six-figure electric sedans like the BMW i7, Lucid Air, and Tesla Model S. The updated EQS sedan is scheduled to reach dealerships later this year as a 2025 model.

One of the most controversial features of the EQS has been its unorthodox streamlined shape, which makes the EQS one of the most aerodynamic sedans around, but also means it doesn't look much like a traditional Mercedes. For 2025, the EQS takes a step closer to that traditional look with a new grille featuring chrome bars like on the Mercedes S-Class. It also sports the brand's trademark hood ornament.

Read more
Best electric car charger deals: $100 off home charging stations
The handle of the Grizzl-E EV charger plugged into a vehicle.

A few years ago, electric vehicles were pretty rare or cost a fortune, but with more and more of the larger car brands getting into the game, there are a lot of excellent and even budget-friendly choices nowadays. That said, the electrical network for charging your cars might not be that widespread, so instead you'll have to rely on charging your car at home. Luckily, there are a lot of excellent car chargers at a discount, so if you've just bought an EV or want to upgrade your current charging solution, be sure to check out our favorite deals below.
Shockflo EV charger — $205, was $220

This EV charger by Shockflo is a Level 2 EV charger, which offers six times faster charging than a standard charger. It delivers 24 miles with just one hour of charging, and it can act as a mobile charger you can throw in the trunk or be mounted to a wall. It has an LCD display with useful information like charging rate, voltage, and charging time, as well as LED indicator lights that lets you know charging progress and errors.

Read more
Mercedes-Benz EQG: range, price, release date, and more
Concept image of the larger electric G-Wagon

The G-Class is going electric. We already knew that Mercedes-Benz was working on an electric, small-size G-Wagon, but it looks like the company is also working on a larger G-Class SUV, in the form of the EQG. In fact, Mercedes has gone as far as to show off a concept version of the off-roader.

While there's much we don't know about what will become the production model of the EQG, Mercedes has also shared a lot about it. Curious about whether the Mercedes-Benz EQG could be the EV for you? Here's everything we know so far.
Design
Fear not -- the EQG will retain many of the design aspects of the G-Class that you already know and love but with a modern face-lift. The EQG will keep the boxy design that gives the G-Class a classic look but with some additional modern styling, at least if the concept version is anything to go by.

Read more