Pen Test Partners point out the vulnerability can also be used to drain the car’s battery and strand a car owner. That type of access can be used to program a new key for the car that can be used to steal the $40,000 vehicle, Munro said. The on-board diagnostics port is accessible once the door is unlocked,” wrote researchers at Pen Test Partners in a blog post explaining the discovery. “Once unlocked, there is potential for many more attacks.
Security researcher Ken Munro with Pen Test Partners discovered the vulnerability that allows him to disable the anti-theft system, manipulate the car’s climate control system, and turn on/off headlights. The car is predominantly sold in Europe today. starting this fall, suffers from weak password requirements that can easily be bypassed with a brute-force password attack, according to researchers at the Pen Test Partners. The hybrid electronic vehicle, which is slated to be sold here in the U.S. Security experts are warning owners of Mitsubishi Outlander Plug-In Hybrid Electric Vehicles that their cars can be hacked via the automobile’s on-board WiFi network used for remote control of key car features.
