Remote functions via Wi-Fi, but easily hacked. (credit: Mitsubishi)
According to research firm Forrester, 35 percent of Americans—few of them Ars readers, we think—want Internet connectivity in their next vehicle. The car and tech industries are busy trying to make that happen. New cars increasingly come with their own LTE modem (and monthly bill), enabling remote apps that can give you a vehicle diagnostic or unlock your doors from the comfort of your phone or smartwatch. This is usually done in the cloud with plenty of thought given to security we're told—except in cases where there's no security at all.
But Mitsubishi's Outlander hybrid does things a bit differently, as the people over at PenTestPartners recently discovered. Instead of fitting the Outlander with a cellular modem for connectivity, you access its remote functions by connecting to the car's own Wi-Fi network. No monthly data plan needed, at the cost of connectivity only within range of the vehicle. Oh, and apparently Mitsubishi did a really bad job securing things.
The outfit bought its own Outlander to investigate the car's security, finding the pre-shared key easily crackable and the default SSID too formulaic. Once connected to a vehicle, one can play with the lights or climate control—similar to the Nissan exploit. But the researchers also discovered they could lock or unlock the doors remotely and perhaps more seriously, they were also able to disable the car's alarm.
Read 1 remaining paragraphs | Comments
No comments:
Post a Comment