A British security firm has successfully hacked into a Mitsubishi Outlander Plug-In Hybrid, rekindling the debate over automobile vulnerability in an age where cars increasingly are reliant on their computers.
Pen Test Partners purchased a 2017 Outlander PHEV, which is expected to go on sale in the U.S. this fall, with the express purpose of seeing whether the SUV’s unique mobile app set-up might also provide an easy way into its on-board computer. The organization announced it had been able to breach the vehicle’s alarm system and turn it off.
“Once unlocked, there is potential for many more attacks,” read a report on the Pen Test Partners site. “The on-board diagnostics port is accessible once the door is unlocked.”
Mitsubishi is advising customers who own this Outlander to temporarily disable the car’s Wi-Fi and decouple the app from the car. The company is working on new firmware that will be pushed to the app.
As in-car tech becomes increasingly sophisticated — with its ultimate iteration being the self-driving car — some systems have proven to be less than secure.
Other cars hacked by professionals in order to show their weaknesses are Chrysler’s 2014 Jeep Cherokee, the Tesla Model S and the Nissan Leaf. The Jeep’s hack by two security experts led to 1.4 million cars being recalled for a software update last year.
The issue has the attention of both the FBI and the National Highway Traffic Safety Administration, which issued warnings in March for automakers to keep a close watch on the security of their in-car systems.
“This illustrates two critical issues of the ‘system of systems,’ firstly to isolate access points to devices and systems that are used by the public as much as you would with secure private systems such as bank accounts or personal medical records,” says cyber security expert Mark Skilton of Warwick Business School.
Only after approaching the BBC, which first reported the breach, did Pen Test Partners get the Japanese automaker’s attention, “and since then they have been very responsive to us and are taking the issue very seriously at the highest levels.”