Risk of "Mitsubishi Outlander PHEV" being hijacked from communications with smartphone applications

As a plug-in hybrid car (PHEV) Mitsubishi Motors' record No. 1 worldwide sales in 2015Outlander PHEV"Includes checking of vehicle information and operations such as charging and air conditioning from a smartphone"Mitsubishi Remote ControlThe security company found that there is a danger of getting hijacked from the outside here, though the system called 'built in' is incorporated.

Hacking the Mitsubishi Outlander PHEV SUV - YouTube


Hacking the Mitsubishi Outlander PHEV hybrid | Pen Test Partners
https://www.pentestpartners.com/blog/hacking-the-mitsubishi-outlander-phev-hybrid-suv/


Ken Munro of Pen Test Partners of security company. Pen Test Partners seems to have purchased Outlander PHEV for this investigation, and its license plate is "H4CK M3 (HACK ME)".


Features of Outlander PHEV is that "Mitsubishi Remote Control" allows you to check vehicle information such as schedule timer charging from the smartphone, pre-air conditioning schedule setting before getting on the car, forgetting to close the door, and vehicle operation.



For example, it is very convenient to let the headlight light up or turn off by operation from the smartphone application.


Recently "collaboration between cars and smartphone applications" is no longer a rare thing. However, there was a difference in communication module between Mitsubishi and other manufacturers. Other manufacturers installed a GSM module in the vehicle, but Mitsubishi installed a Wi - Fi access point. I guess Mr. Munro probably chose it because it was simply cheap.


Required to connect to this Wi-Fi access pointPre-shared key(PSK) is described only in the user manual, but because it is too short and simple, Munro and others used 4 GPUs to achieve cracking in less than 4 days. If you can use more cloud services to use more GPUs, it means that the time to complete the analysis was much shorter.

By the way, since the fixed form SSID is "REMOTEnnaaaa" (n is a number, a is an alphabet lower case letter), if you can analyze the password, it will be possible for people who do not have the user manual to connect to the car about.


Normally, if you set the "anti-theft alarm", even if you push your hands through the open window, the alarm sounds ....


It is even possible to cut off an alarm, even if you thrust your hands or open the door, it will be unresponsive.

To be able to unlock the door means that the on-board diagnostic port can be used. When you get to the vehicle system from here, it's no funny thing anyway.


Also, since the SSID has already been known,WiGLEBy using the mapping service of the wireless network like, it is possible to search the current location. There is a map in the image glittered but the place where this pin is located is in the UK where the Outlander PHEV is located. It means that you can be identified to your home or work place.


Pen Test Partners tells Mitsubishi Motors this problem and seems to receive a reply from Mitsubishi to respond promptly.


As a solution until the correspondence is done, it is mentioned to delete "VIN Registration (vehicle identification number registration)" of the application. However, Pen Test Partners investigated overseas vehicles, and it is unknown whether or not they are exactly the same specifications even for vehicles destined for Japan.