SUV Hack via Wi-Fi

Wednesday, June 8, 2016 @ 01:06 PM gHale


Security for automobiles is once again proving to be an issue that will not go away.

This time, attackers can easily break into the Mitsubishi Outlander, a popular hybrid SUV. Attackers could exploit security weaknesses in the setup that allows a user to remotely control the car via an app.

RELATED STORIES
Radio Attack Breaks into Autos
Vehicles that Communicate through Intersections
Tips on Securing a Vehicle
Leaf Hole Brings IoT Security Alert

Pen Test Partners discovered the weaknesses, which include:
• The mobile app connects to the car through a Wi-Fi access point on it, instead of a web service and GSM module, making it impossible to use if one is not in range of the car’s wireless network.
• This wireless network’s Wi-Fi pre shared key is on a piece of paper included in the owners’ manual, but its format is also too simple and too short, allowing attackers to crack it easily and relatively quickly.
• The car’s Wi-Fi access point has a unique SSID, but in a predictable format. This allowed the researchers to geolocate various Outlanders.
After discovering the SSID and the pre-shared key, they connected to a static IP address within a network’s subnet, and this allowed them to sniff the Wi-Fi connection and send messages to the car.

Through these messages they were able to turn the car’s lights, air conditioning and heating on and off, change the charging program and, most importantly, to disable the car’s anti-theft alarm.

“Once unlocked, there is potential for many more attacks. The on board diagnostics (OBD) port is accessible once the door is unlocked. While we haven’t looked in detail at this, you may recall from a hack of some BMW vehicles which suggested that the OBD port could be used to code new keys for the car,” the researchers said in a blog post.

“We also haven’t looked at connections between the Wi-Fi module and the Wi-Fi module and the Controller Area Network (CAN). There is certainly access to the infotainment system from the Wi-Fi module. Whether this extends to the CAN is something we need more time to investigate.”

They have tried to get in touch with Mitsubishi and share these discoveries responsibly, but didn’t have much luck initially. Only after they made them public the company contacted them.

Mitsubishi is currently working on new firmware for the Wi-Fi module that should fix these flaws. Until they push it out, they advised owners to deactivate the Wi-Fi using the “Cancel VIN Registration” option on the app, or by using the remote app cancellation procedure.