Security experts hack Mitsubishi Outlander through a flaw in wi-fi app

Security experts have found a flaw in the Wi-Fi network of the Mitsubishi Outlander PHEV (Plug-in Hybrid Vehicle). Photo / Supplied

Computer security experts have exploited a flaw in the app used to remotely control the Mitsubishi Outlander PHEV that makes the popular family SUV an easier target for thieves.

Pen Test Partners has published a blog on the security flaw which allowed them to remotely disengage the car's alarm. The security experts discovered the weakness when they noticed the mobile app had "an unusual method" of connecting to the vehicle.

The security experts bought an Outlander PHEV (Plug-in Hybrid Vehicle) and exploited the flaw, enabling them to turn off the car's alarm, control the car's lighting and air conditioning and drain the battery.

"Once unlocked, there is potential for many more attacks," the security experts said.

Another problem is that the Wi-Fi network for the cars have a distinct naming system, so a potential thief could first locate a car through its wi-fi signal before breaking in.

The researchers reported the problem to Mitsubishi and described the car maker's response as "disinterested".

However, after the security team contacted the BBC, Mitsubishi released a statement which said the matter was serious and "this hacking is a first for us as no other has been reported anywhere else in the world".

News Corp Australia has contacted Mitsubishi Australia for comment on the hacking.

In the era of the internet of Things in which increasingly everything is connected to a network, this is the latest case where security experts have discovered major back doors that could be dangerously exploited.

Last year a team of security experts used the entertainment system installed in the US model of a Jeep to take control of a vehicle and force it off the road.

Professor Mark Skilton, of the University of Warwick, said this was the latest in a string of high profile cases where security experts had discovered holes in Wi-Fi networks.

Last year researchers hacked the in-flight entertainment system of a United airlines flight and the year before a security expert was able to take control of 100 networked traffic lights in Michigan.

Professor Skilton said the problem was not a failure of the system but of poor design.

"Cars are increasingly having on-board connectivity to the internet beyond just entertainment and to the operation of the car itselfm" he said.

"But, while access to email and websites is one thing, access to mission critical systems in any situation - be it a building, operating theatre or transport vehicle - is a whole different set of risk and security issues."