— A Mitsubishi Outlander Plug-In Hybrid electric vehicle (PHEV) has been hacked by researchers from a British security and testing company, something the automaker didn't want to hear about it until the media stepped in.
Pen Test Partners describes itself as security consultants who expose security flaws by penetrating security systems. It appears that's exactly what the company did with the Mitsubishi Outlander PHEV.
The 2017 Mitsubishi Outlander Plug-In Hybrid purchased by researchers is a crossover SUV with an electric range up to 30 miles and capable of about 250 miles using the gasoline engine.
The Mitsubishi Outlander PHEV hack allowed researchers to turn the lights on and off and alter the electric charging program, forcing the SUV to charge using premium rate electricity. Additionally, researchers controlled the heating and air conditioning system to show how quickly the battery could be drained.
This might sound bad enough, but Pen Test Partners say they could have caused all kinds of trouble because they were able to disarm the security/theft system of the Outlander PHEV.
Able to open the door and do what they wanted without setting off alarms, researchers could gain access to the onboard diagnostic port which is accessible once the door is unlocked and opened. Saying it is "shocking and should not be possible," researchers say a strong potential for "many more attacks" can occur once the door is opened without alarming anyone.
Company researchers say they found it unusual the way the Outlander connected through the mobile application. While the majority of remote control apps connect through a web service (cloud), the Outlander PHEV does it differently, but not better.
Researchers believe the extra vulnerability comes from the automaker taking a cheaper route by using the current connection method and creating a system that wasn't implemented securely.
The company tried to inform the automaker privately about the security flaws but was "greeted with disinterest" by Mitsubishi. A call to the British Broadcasting Corporation (BBC) took care of the "disinterest" and the automaker is now talking to researchers and taking the matter seriously.
Pen Test Partners released a statement saying Mitsubishi needs to re-engineer its system and recall the Outlander PHEV SUVs.
Mitsubishi now joins a growing list of automakers that have been hacked in one way or another.
The OnStar system from General Motors has been hacked, the Nissan LEAF was taken over by hackers, a Tesla Model S was controlled by friendly hackers and researchers took a Jeep Cherokee on a wild ride in Missouri.
The Jeep hack caused Chrysler to recall 1.4 million of the SUVs to close the security vulnerabilities.
How the 2017 Mitsubishi Outlander Plug-In Hybrid Was Hacked