Mitsubishi Outlander Can Be Hacked Through Wi-Fi

[HardOCP News]

If you own, or plan on owning a Mitsubishi Outlander, you should probably watch this video. Pretty sad that Mitsubishi wasn't very concerned about this issue until these guys made a video about the problem.

 

[EchoWars]

Love the license plate.

 

[viscountalpha]

Not surprised at all. I'm waiting for someone to get killed or have their car just die on them mid-traffic because it was hacked. It's literally just a matter of time.

 

[Tsumi]

Isolated systems. Airplanes have had it for years. Car makers need to learn a thing or two about keeping systems isolated.

 

[ShamisOMally]

And per business of the norm, the company said it was "Not a problem" until media got involved

 

[Ocellaris]

Mitsubishi doesnt give a shit about much of anything at this point. Nissan is close to owning a majority share to save them from the misery of falling further into irrelevance.

 

[jbltecnicspro]

Isolated systems. Airplanes have had it for years. Car makers need to learn a thing or two about keeping systems isolated.

But... The convenience! Think about the convenience!

 

[the_servicer]

I'm waiting for someone to get killed or have their car just die on them mid-traffic because it was hacked. It's literally just a matter of time.

When it happens people will act surprised. Politicians and journalists will behave as if it's a new problem and one which only became obvious after loss of life.

 

[Quix]

Mitsubishi doesnt give a shit about much of anything at this point. Nissan is close to owning a majority share to save them from the misery of falling further into irrelevance.

Sure they do, Mitsubishi doesn't want anything that might lower their share value, that will reduce what Nissan will pay for those shares.

 

[Stiletto]

Like the super ultra mega brilliant smartster Neil DeGrasse Tyson says, we just need "unhackable systems".

Duh, guys. Get to it. Don't you feel the smartness?

 

[M76]

Like the super ultra mega brilliant smartster Neil DeGrasse Tyson says, we just need "unhackable systems".

Duh, guys. Get to it. Don't you feel the smartness?

So It's confirmed. Deal long enough with creationist bullshit and you will loose your mind.

 

[nutzo]

Which is why I don't want a car with built in WiFi or the ability to start it from my cell phone.
Hands free phone - Fine, Streaming music - ok, run the GPS app or updates through Bluetooth to my phone - great. Anything else - forget it.

 

[westrock2000]

My reservation here with the video (and I did watch it) was that he never actually shows anything being done. The big reveal in the video is actually him saying "take my word for it".

And the reason this bothers me, is because this type of alarming announcements have been made before and in every case I can think of there was either a crucial step left out that required physical access to some part of the car (which all bets are off at that point) or once pressed about their actions they reveal it was really just theoretical.

 

[maxius]

If you own, or plan on owning a Mitsubishi Outlander, you should probably watch this video. Pretty sad that Mitsubishi wasn't very concerned about this issue until these guys made a video about the problem.

This goes back to my cry that everything does not need to be online. yet engineers are making everything they could dream up online accessible. They do not stop and think should this "insert product here" be on the online.

 

[westrock2000]

The other assumption made in this video is one that really annoys me. The main thesis for this "hack" is that the password is only a 10 character alphanumeric sequence. Which he claims can be broken in 4 days, or less then 1 day if you used distributed computing. This is of course assuming an optimal brute force attack. But does the system actually allow a brute force attack? Apple proved that with a very simple cock block, you could make even a ridiculously easy 4 character numeric password damn near impossible to break. Adding delay, even small delay between password attempts makes the practicality of hacking not worth while.

He does not state that they hacked the password. He already knew the password to the wi-fi and instead focused on man in the middle attacks after the fact. Maybe this is why Mitsubishi wasn't that concerned originally. Maybe an engineer looked at it and said yes this is possible, but in reality it would take months to even brute force the password because of how the system is set up. Only after public pressure did they buck (which the public does not understand this stuff and is suseptable to alarmist claims).

I don't care if the worlds fastest super computer in the world can process 60 gillion passwords a second. You cannot type in 60 gillion passwords a second on a device.

 

[Seelenlos]

Jeep hack video from last year.

 

[likeman]

The other assumption made in this video is one that really annoys me. The main thesis for this "hack" is that the password is only a 10 character alphanumeric sequence.

its the WPA key as you can bash at it offline its only 10 digits long and due to its fixed length its easy to crack offline

the fix is that the password needs to be able to be changed and needs to be a lot longer (at least 20 and phone+app whitelisting so you can only pair with the phone when inside the car and communications on the app should be encrypted as well and should not be relying on WPA security )

 

[DustMite]

The way I see it; anything that can connect to the internet can be hacked. period. If man created it then man can break it.
I prefer my automobiles to be free from the internet, thank you.
If someone wants to steal or break into my vehicle, they're gonna have to do it the old fashioned way...say with a tire iron, or a brick through the window for example.