The investigation started when Pen Test Partners security firm’s expert Ken Munro found that the wi-fi access point (which is used to control some of the functions of the car) of a parked Mitsubishi Outlander Hybrid close by was visible on his smartphone.
The car’s wi-fi is used to connect the car to the driver’s smartphone; Munro decided to purchase his own Outlander Hybrid in a bid to investigate.
Munro and his team found that they were not just able to turn off the car’s security alarm, they were able to locate individual Outlander Hybrid models, control various vital functions of the car (including flashing the headlights remotely), tweak the car’s charging settings, and even drain the battery.
Pen Test Partners have said that a short-term fix would be to unpair all mobile devices that have been connected to the wi-fi access point. This can be done by selecting ‘Settings’, then ‘Cancel VIN Registration’ in the Outlander PHEV phone app.