tech
The Mitsubishi Outlander Is Totally Hackable
The Mitsubishi Outlander Is Totally Hackable
By Kevin Collier
Jun 06, 2016
A Black Hole Was Simulated And Studied In A Bathtub
A Black Hole Was Simulated And Studied In A Bathtub
By Jeff Donlan
Aug 25, 2017
Brands Are Having A Total Eclipse Of The Heart
Brands Are Having A Total Eclipse Of The Heart
By Jonathan Sanger
Aug 21, 2017
Telescope-Mounted Jets Will Chase The Solar Eclipse
Telescope-Mounted Jets Will Chase The Solar Eclipse
By Jeff Donlan
Aug 04, 2017
Augmented Reality Puts You In ‘Take On Me’ Music Video
Augmented Reality Puts You In ‘Take On Me’ Music Video
By Jeff Donlan
Jul 28, 2017
Game Of Thrones Premiere Saw 90 Million Illegal Downloads
Game Of Thrones Premiere Saw 90 Million Illegal Downloads
By Andrew Caringi
Jul 21, 2017
Hey Google, Take Me To Space
Hey Google, Take Me To Space
By Jonathan Sanger
Jul 21, 2017
Jaguar’s New SUV Barrel Rolls Into The Record Books
Jaguar’s New SUV Barrel Rolls Into The Record Books
By Vocativ Staff
Jul 17, 2017
This 3D-Printing Pen Got A ‘Double’ Upgrade
This 3D-Printing Pen Got A ‘Double’ Upgrade
By Vocativ Staff
Jun 22, 2017
This Robot Composes Its Own Marimba Music
This Robot Composes Its Own Marimba Music
By Ruby Nitzberg
Jun 16, 2017
This Grocery Drives Itself To Your Door
This Grocery Drives Itself To Your Door
By Ruby Nitzberg
Jun 16, 2017
Cyber Security

The Mitsubishi Outlander Is Totally Hackable

And the SUV's app integration means a computer could track them from anywhere

Cyber Security
Photo Illustration: Diana Quach
By Kevin Collier
Jun 06, 2016 at 5:13 PM ET

Researchers have found that yet another vehicle—this time, the Mitsubishi Outlander, a plug-in electric hybrid (or PHEV)—is terribly vulnerable to hackers.

It’s thanks to the fact that the car is designed to interact with a user’s iPhone or Android app to accomplish some basic functions, like disabling a wailing alarm. This interaction is based on a ten-digit code that Pen Test Partners, a cybersecurity research firm, was able to figure out after four days of systemized guessing, though they say it would take far less time with more computing power. Once they’d connected with the car, researchers were able to easily disable its alarm.

And it doesn’t stop there. Because each car contains its own Wi-Fi access point, and each follows a specific standard pattern for their assigned SSIDs—a unique identifier for a Wi-Fi network—it’s not hard for a hacker to locate Outlander PHEVs all over the world with sites that visualize SSIDs’ locations. Pen Test Partners were able to successfully guess the locations of other PHEVs, so in theory, enterprising criminals could simply track down an Outlander in order to break in and perhaps steal it.

Ever since researchers disabled a Wired reporter’s Jeep while he was driving on the highway in 2015, reports of car hacking have skyrocketed, prompting warnings from the FBI and congressional calls to study how to improve industry cybersecurity. But that industry seems reluctant to accept it as a real danger. Pen Test Partners said multiple messages to Mitsubishi went unanswered until after the BBC did a story on its findings.

The Outlander PHEV is widely sold in Europe and Asia, but isn’t scheduled to be introduced to the U.S. until 2017, a Mitsubishi representative told Vocativ. When asked whether the company would address the cybersecurity flaws Pen Test Partners found, the representative said “I really have no idea.”