Hackers have found a way to remotely disable the theft alarm of Mitsubishi's hybrid SUV, the Outlander. The hack is possible because the car has its own Wifi network which is used to connect to the car with a smartphone app.
The majority of other 'connected cars' don't work this way, they use the cellular network instead of Wifi to control the car with e.g. a smartphone. And instead of sending commands directly to the car, all commands are first routed through the servers of the car manufacturer.
Mitsubishi used a different method, the Outlander is fitted with a Wifi network, that's also not well protected.
The car's Wifi network is visible for anyone and security researcher Ken Munro was able to crack the Wifi key within 4 days with a relative slow computer. He got the idea when he saw the Wifi network of a friends Outlander appear in his list of Wifi networks while he was waiting for his kids at school.
According to Munro the Wifi key it set during manufacturing and it is too simple and too short. He estimated that with a faster computer he could have done the same hack in 1 day.
He also reports that besides turning off the theft alarm, it's also possible to switch the lights, air conditioning or heating on and off.
Mitsubishi wasn't really interested in Munro's findings at first. When the article found its way to the BBC, the company got more responsive and it's now working with Munro on fixing the issue.
