-
If you have not please join our official My Outlander PHEV Facebook Group!
Mitsubishi Outlander PHEV Facebook Group
PHEV alarm can be switched off using hacked wifi [merged]
- Thread starter Jimmac
- Start date
Help Support Mitsubishi Outlander PHEV Forum:
jaapv
Well-known member
The funny thing about this whole hoo-ha is that the journalists do not realize that it is wholly unnecessary to go to the trouble of hacking the car to disable the alarm and open it...* The rest of the hack is just play-around-annoy-your-neighbour stuff.
*Get a signal amplifier @ 15 pounds, hide it under the car, get behind a bush in the neighbourhood, and as the owner opens the car store the amplified signal on your mobile phone. Use the phone to open the car.
If you can stand within 20 meters of the car unnoticed you don't even need the amplifier.
https://www.youtube.com/watch?v=U86P_ByfgY8
*Get a signal amplifier @ 15 pounds, hide it under the car, get behind a bush in the neighbourhood, and as the owner opens the car store the amplified signal on your mobile phone. Use the phone to open the car.
If you can stand within 20 meters of the car unnoticed you don't even need the amplifier.
https://www.youtube.com/watch?v=U86P_ByfgY8
SolarBoy
Well-known member
Now this is public knowledge, I've turned my car WIFI access point off, thing is, there's a ton of damage anyone could do to the car including updating the car's WiFi firmware, it's not just a case of disabling the alarm.
When I first set the car up I was disappointed that the password couldn't be modified, and I bet the format of the password is similar throughout. My letters/numbers were grouped in a specific non-random order, letters then numbers. If others are the same which I suspect is the case this reduces the cracking time by a considerable margin.
When I first set the car up I was disappointed that the password couldn't be modified, and I bet the format of the password is similar throughout. My letters/numbers were grouped in a specific non-random order, letters then numbers. If others are the same which I suspect is the case this reduces the cracking time by a considerable margin.
jaapv
Well-known member
Well, it would not be real damage, would it? Should anybody do this - and it is equivalent to scratching somebodies car out of spite- you just need one call to your dealer and they will come out with their laptop and reinstall the firmware...
I think that this is just the media feeding paranoia.
I think that this is just the media feeding paranoia.
anko
Well-known member
What is so bad about somebody updating your WiFi firmware? Saves you the trouble 
Must say, in the Netherlands, we do not have the factory installed alarm systems. If any, we have aftermarket units that are not connected to the Wifi module (I do). I guess this is partly why we are so relaxed about it :idea:
Must say, in the Netherlands, we do not have the factory installed alarm systems. If any, we have aftermarket units that are not connected to the Wifi module (I do). I guess this is partly why we are so relaxed about it :idea:
Jimmac said:
Scary stuff.
Out of the few thousand people that can do this, let's say 1% is actually interested in doing it.
Out of that 1%, one of them actually has to be near YOUR car while YOU operate your phone app to access it.
Better batten down.......
SolarBoy
Well-known member
Basically wazzard identified a bunch of scary things in his thread about his own home-made WiFi app.
Read all the pages, including the bit that shows that via WiFi there is access to the engine, then come back and say if you think there is no issue ...
Read all the pages, including the bit that shows that via WiFi there is access to the engine, then come back and say if you think there is no issue ...
jaapv
Well-known member
anko said:What is so bad about somebody updating your WiFi firmware? Saves you the trouble
Must say, in the Netherlands, we do not have the factory installed alarm systems. If any, we have aftermarket units that are not connected to the Wifi module (I do). I guess this is partly why we are so relaxed about it :idea:
Very true.
However, what is so scary about some prankster messing up your software, apart from it being annoying? It would need a firmware reinstall, which your dealer will happily provide.
As I said, you don't need a firmware hack to open it without the alarm going off, so what is new?
Now if it were possible to control it whilst driving, like some other cars appear to be, that would be scary. With the second-rate WiFi on this car? Not a chance...
anko
Well-known member
Where does it say he has access to the engine via WiFi? He assumes he may at some time. But hew also says he is struggling and the picture I put in explains why. So he says. I am not saying it is not possible. But I don't see where he says he managed to do it ....SolarBoy said:Basically wazzard identified a bunch of scary things in his thread about his own home-made WiFi app.
Read all the pages, including the bit that shows that via WiFi there is access to the engine, then come back and say if you think there is no issue ...
anko
Well-known member
Don't think this is even true. They needed to be near an app that was communicating to a car to learn the protocol. But now they have learned it, all they need is crack the wifi code of your car ....HHL said:
jaapv said:
That's seems a bit old and unlikely these days.. I thought key fobs for some time now use a rolling pattern sequence so simply capturing a one-off signal would be useless as the car would require a different one next time. The two keys have different identifier tags in the signal so the car can cope with a signal for either being at different points in the sequence.
SolarBoy
Well-known member
anko said:
In the UK, if it's not nailed or screwed down to something immovable, it will be stolen whether or not the person that took it actually needed it or had any plans with doing anything with it.
I believe the alarm on the UK spec would be there to reduce the insurance rating?
(I've just set the alarm off by having the windows and sunroof open ... it's hot (the 1 day of summer) and as my WiFi app is disconnected I can't pre-cool ...)
anko
Well-known member
I thought the 'current scheme' had to do with Keyless entry systems. These systems only allow access to the car when the car receives a signal from the FOB. No press on the FOB is required, but the FOB only transmits its signal when it sees a signal emitted by the car (which has approx. 70 cm range). So, you need an amplifier to extend the cars signal to the FOB and then another amplifier to extend the FOB signal back to the car. And then you can use the Keyless entry system with the FOB not being neer the car. But one amplifier needs to be near the car and the other has to be near the FOB.
anko
Well-known member
Oh, we (most of us) do have alarm systems, but as far as I understand the factory fitted systems are considered not safe enough by the insurance companies over here.SolarBoy said:
jaapv
Well-known member
Which will be hanging inside your front door...Close enough at night.anko said:
jaapv
Well-known member
Most insurers over here insist on a class 1 (immobilizer), class 3 (factory alarm) and class 4 (tracking) alarm, taken together that makes a class 5 alarm system, fitted to cars over a certain price ( about 30.000 Euro incl. taxes IIRC).anko said:
anko
Well-known member
Class 3 is not synonym for factory alarm. It is even questionable if the factory alarm of the PHEV would classify as a Class 3 alarm.jaapv said:
My insurer settle for class 3 alarm for my 52K euro PHEV. Pretty sure most insurers would have, if it hadden't been for the hoax back in 2013 that a zillion Russians where preparing to invade our country and lift our brand new PHEVs as soon as they had arrived .... :mrgreen:
anko
Well-known member
So true. Therefor, mine is notjaapv said:
But altogether a story quite different from simply trapping and copying a signal with a cell phone and reusing it later.
SolarBoy
Well-known member
Shamusj said:
No you don't.
You can easily doublecheck by looking for the outlander wifi ssid which starts with REMOTE
Share this page
Similar threads
