Researchers remotely disable car alarm thanks to weak Wi-Fi security
Security researchers at Pen Test Partners have discovered a vulnerability in Mitsubishi’s plug-in hybrid electric Outlander that could allow potential car thieves to disable the car’s anti-theft alarms.
The security researchers investigate potential vulnerabilities in connected devices through the use of penetration testing and found that the Outlander’s Wi-Fi module can be accessed by anyone within range of the vehicle by connecting to it with their smartphone.
They then discovered that it was possible to bypass the module’s merge security key by employing a brute force attack. In total, it took Pen Test Partners only four days to crack into the vehicle’s Wi-Fi.
The majority of other connected cars use GSM modules as opposed to Wi-Fi ones to allow drivers to access their vehicle using a smartphone app. Since GSM uses a cellular connection it is more secure and that it is why most other manufacturers opt to use it instead.
After gaining access to the Outlander’s Wi-Fi, the security researchers where able to successfully carry out a man-in-the-middle attack between the Wi-Fi network and the vehicle. This let them replay messages from Mitsubishi’s app which allowed them to decode the binary protocol used by the vehicle.
It was then possible to turn the Outlander’s lights on an off, interfere with its charging program and adjust the air conditioning to quickly drain the vehicle’s battery. Pen Test Partners were very surprised though when they figured out how to disable the anti-theft alarm.
The security researchers did offer a number of short, medium and long term fixes for Mitsubishi. In the short term they found a way to render the company’s mobile app useless and with more time available they suggested Mitsubishi release new firmware for the Wi-Fi module.
However Pen Test Partners believes that this is such a serious issue that a full recall of the Outlander should be issued: "Mitsubishi needs to re-engineer the rather odd WiFi AP client connection method completely. A GSM module/web service method rather more like BMW Connected Drive would be much better long term. Words like 'recall' spring to mind".
The Mitsubishi Outlander is not the first connected car to have a security flaw as last year Fiat Chrysler had to issue a software update for 1.4 million of its cars. As cars become more connected, we will likely see similar vulnerabilities discovered in their hardware and software.
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.