Experts hack Mitsubishi Outlander hybrid; over 1k units expect recall

Tokyo, June 8: Japanese automobile manufacturer Mitsubishi Motors might soon have to recall over 100,000 of its Mitsubishi Outlander hybrid car, as it has been found that hackers can remotely control the vehicle’s alarm system, lights and battery.

This is according to Ken Munro, a security expert who purchased the car and performed tests on it.

According to Munro, the Mitsubishi Outlander hybrid uses Wi-Fi to connect with smartphones, a method that is less secure, thus allowing him to disable the car’s alarm and unlock it. For those unaware, most of the new cars with dedicated apps connect using GSM mobile data connections, which are slightly more secure.

Munro blames Outlander hybrid’s insecure software for the hack as the company might have cut costs by not using more secure software. “I assume that it’s been designed like this to be much cheaper for Mitsubishi than [the more secure] GSM/web service/mobile app based solutions,” he said on the Pen Test Partners website.

Munro further added that not only could he disable the car alarm, he was also able to geolocate the car and track it. “Mitsubishi need to re-engineer [the system] method completely,” he said. “Words like ‘recall’ spring to mind.”

The security expert approached Mitsubishi as well but the initial attempts to privately disclose the matter to Mitsubishi were ‘greeted with disinterest.” However, when Munro told BBC about the hack, the Japanese car maker responded quickly. Mitsubishi said it is taking the matter ‘seriously’.

“This hacking is a first for us as no other has been reported anywhere else in the world,” the company said. Although the company has not confirmed whether it would recall the cars or not, it has provided a temporary solution for the time being. And that is to deactivate the Wi-Fi for now, says BBC.