The Mitsubishi Outlander is one of the most inexpensive three-row SUVs on the market. But, even with the low price, it has a lot of available features. One of those, at least on the plug-in hybrid version that's available now in Europe and will be in the US for 2017, is a smartphone app that lets you monitor the status of your car. It lets owners unlock the doors, turn the heat or A/C on remotely, and set the charging timer for the plug-in system.
But, weirdly, instead of using a cloud-based cellular connection to communicate with the car like basically every other connected car service out there, Mitsubishi makes owners download an app and then connect their phone to the car's Wi-Fi network in order to control it. That's weird and a pain. And, it turns out, it's also pretty insecure, especially for a feature that lets you disable the anti-theft alarm.
In the grand scheme of car hacks, this one is actually pretty obscure and benign since you have to be within Wi-Fi range of the car itself to execute it — but that doesn't mean it's OK. A team of security researchers at PenTestPartners was able to crack the preset password on their Mitsubishi Outlander and fool the car into performing a number of tasks that would normally require a properly authenticated app to execute, including activating the climate control system, changing the charging schedule for the plug-in battery system, and turning off the anti-theft alarm. That last one is a bit worse than the others. And, while the researchers couldn't actually unlock the car, being able to disable the anti-theft alarm could make stealing the car easier.
I'm not sure what the worst part is about this whole situation: the fact that drivers need to manually change their Wi-Fi network every time they want to use their "smart" Mitsubishi Outlander or that it was implemented in a rather insecure way. I was going to write "to be fair to Mitsubishi, the hack doesn't really give much access to the car" but that's not really the point.
If you're going to make your car smart, don't make it vulnerable to hackers, no matter how benign the hack. And seriously Mitsubishi, don't make me change the Wi-Fi network on my phone in order to take advantage of my smart car. That's just annoying.