Mitsubishi confirms security flaw with Outlander PHEV

In an email to customers, Mitsubishi UK confirms existence of a security flaw with their wifi equipped Outlander PHEV.

Read the full response to customers below:

Ref: Mitsubishi Outlander PHEV Wi-Fi and Mobile App Security Issue

Dear Customer,

It was brought to our attention at the end of last week that there is a possibility that the Wi-Fi system installed in the Mitsubishi Outlander PHEV can be accessed using the Mobile App without authorisation from the vehicle’s owner. We take this matter very seriously and are actively working with all parties to better understand and resolve the issue.

This ‘hacking’ can only occur when within range of the vehicle’s Wi-Fi. Once the hacking has taken place, it is possible for the alarm to be deactivated. Even if the alarm were deactivated the vehicle remains locked and secure. In this state, however, should someone try to gain entry to the vehicle by forced access, the alarm would not sound.

At this early stage, until further technical investigation has taken place, we would recommend that the Wi-Fi is deactivated using the ‘Cancel VIN Registration’ option on the app, or by using the remote app cancellation procedure.

All devices paired to the vehicles Wi-Fi using the PHEV App must be deleted. Once all paired devices are unpaired/deleted from the Wi-Fi module, the Wi-Fi module will effectively go to sleep, eliminating any risk.

With the Wi-Fi disabled, the functions which are on the App can still be performed from inside the vehicle using the infotainment screen. There is no security risk when using the functions in this way.

If you have not downloaded the Outlander PHEV App and never connected a mobile phone/device to the Wi-Fi access point on your Outlander PHEV, there is no risk and no need to perform this operation.

Pairing your phone to the car’s Bluetooth is unrelated to this issue and poses no security risk.
Once the Wi-Fi has been disconnected there is no security risk to your vehicle as a result of this issue.

If you have any questions about this procedure please contact your local dealer who will be pleased to assist.

Yours sincerely,

Mitsubishi Motors in the UK.

The Founder of driveEV. A driving and new technology fan enjoying learning all about the future of motoring. I drive a BMW i3.