The Mitsubishi Outlander PHEV is a plug-in hybrid petrol/electric SUV. Like many vehicles, it has a mobile app that can be used to control some functions. Rather unusually, the mobile app communicates directly with a Wi-Fi access point on the vehicle. Most other mobile apps communicate with the car via the manufacturer's servers, then onwards over mobile data/GSM to a module in the car. We believe Mitsubishi have taken this route in order to save cost. We purchased an Outlander PHEV to investigate its security and found some pretty depressing security flaws over Wi-Fi. Cracking the Wi-Fi pre-shared key (PSK) was far too easy, which led us on to reverse engineering the protocol the mobile app uses to talk to the on-board Gainspan Wi-Fi module. The flaws we found range from trivial issues such as turning the lights on and off, through other methods of draining the drive battery, to preventing the car from charging at all. Finally, we found a way to disable the alarm, exposing the vehicle to theft. Because the Wi-Fi SSID for each vehicle follows a specific format, it is also easy to geo-locate these cars on wigle.net, find a car at the owner's house, disable the alarm, and so on.