If you are an owner of Mitsubishi Outlander we don’t have good news for you. Ken Munro, a highly appreciated specialist in automotive security accidentally has discovered a gap in security, which may help the thieves to steal a car worth over 20 000 pounds without using any special devices, passkeys or picklocks.
How could it happen that such a brand allowed for such a big negligence? We don’t know it, however we know, what can be done to an unsecured car using just a standard laptop.
One day, when Ken Munro was waiting for his children in front of their school, he needed to connect to the Internet via Wi-Fi and he noticed that one of Access Points was located in a Outlander parking nearby. On his YT channel he shared a clip where he explained what he could do remotely to an Outlander having only a laptop.
Due to a Wi-Fi local access it was possible to connect to a car by means of an application used in a smart phone! The software allowed an operator to access to air-condition steering, heating, turning on the headlights, or … deactivate car alarms.
The network settings use the default PSK authentication, which is not specially hard to break while using, e.g., a brute force method. A car owner is not able to change a PSK keys on his own. The same is with a SSID name, which is the same in every single Mitsubishi Outlander.
So Mitsubishi advises to disable an access point. This procedure was treated in the car manual.
This embarrassing discovery made the baffled Mitsubishi management contact directly to Munro. The results collected during tests should help to increase security level on the vehicle inner system. For the time being they recommend to disable an access point functionality in the cars and this procedure is now described in the user manual.
On our part we do recommend GPS locators as an additional means to secure your car.