Any fix for the remote app security risks?

[Sailordoc]

It has been many months since we were all advised to unpair and delete the remote app due to the ability of thieves to turn off the alarm. Since then, nothing heard. I assumed that Mitsubishi would be developing a more secure app, probably with a software upgrade needed for the car. Have I missed an announcement or is their inactivity just another example of their shocking customer service?

 

[SolarBoy]

It has been many months since we were all advised to unpair and delete the remote app due to the ability of thieves to turn off the alarm. Since then, nothing heard. I assumed that Mitsubishi would be developing a more secure app, probably with a software upgrade needed for the car. Have I missed an announcement or is their inactivity just another example of their shocking customer service?

The latter.

Shocking really.

Advice from Mitsubishi is to disable WiFi: http://www.mitsubishi-cars.co.uk/outlander/remote-app.aspx

 

[jaapv]

Or they have found out that it was all a bit of hot air anyway...

 

[Sailordoc]

Or they have found out that it was all a bit of hot air anyway...

If that were the case, a simple announcement that there are no security issues and that the app can be used again would have sufficed. The fact that there has been no further announcement suggests that they are aware of the risk, but have either decided not to bother fixing it or have found they cannot fix it. I find it a bizarre reaction, as it isn't really going to convince anyone of their competence. Imagine Apple being informed of a critical bug in their phones, advising everyone not to use that feature, and then announcing nothing for over 6 months....

 

[SolarBoy]

From Mitsubush's own website:

we would recommend that the Wi-Fi is deactivated using the ‘Cancel VIN Registration’ option on the app

Really don't think I'll get another Mitsubushi as the company doesn't seem to care about their customers.

 

[RichardM]

Does anyone react to car alarms anyway? I hate the things.

 

[Sailordoc]

Does anyone react to car alarms anyway? I hate the things.

I would look outside to check all was well with my car if I heard an alarm going of the same sound pattern, so I would imagine quite a few people would 'react' to it. But probably only to the same sound, and to check their own vehicle

 

[geoffshep69]

The app has not been fixed, and therefore the risk remains. But in my view, it is an extremely theoretical risk and not worth worrying about.

If this was a big deal, we would have seen a spate of PHEVs stolen via this method in the last 6 months. Has there even been one such incident ??

 

[greendwarf]

From Mitsubush's own website:

we would recommend that the Wi-Fi is deactivated using the ‘Cancel VIN Registration’ option on the app

Really don't think I'll get another Mitsubushi as the company doesn't seem to care about their customers.

I find this a curious statement. A car is a functional object not a service. Surely the criteria is - does it do want you want it to do better than the alternative? Whether or not the manufacturer cares about its customers only comes into play when this no longer holds true, i.e. something goes wrong and you need to call on them for assistance.

So if your car hasn't been hacked then then it is unlikely to be a factor in any re-purchase - unless you've been kept awake at night worrying about it :roll:

 

[RichardM]

Does anyone react to car alarms anyway? I hate the things.

I would look outside to check all was well with my car if I heard an alarm going of the same sound pattern, so I would imagine quite a few people would 'react' to it. But probably only to the same sound, and to check their own vehicle

Fair enough. I live rurally and never lock my cars unless I go to the big city. I always remove/disable alarms if I can (used to, hard/impossible on modern vehicles) because the only time they seem to go off is because of mice or moths getting in!

 

[SolarBoy]

From Mitsubush's own website:

we would recommend that the Wi-Fi is deactivated using the ‘Cancel VIN Registration’ option on the app

Really don't think I'll get another Mitsubushi as the company doesn't seem to care about their customers.

I find this a curious statement. A car is a functional object not a service. Surely the criteria is - does it do want you want it to do better than the alternative? Whether or not the manufacturer cares about its customers only comes into play when this no longer holds true, i.e. something goes wrong and you need to call on them for assistance.

So if your car hasn't been hacked then then it is unlikely to be a factor in any re-purchase - unless you've been kept awake at night worrying about it :roll:

Mitsubishi has had since June to fix this.

Other car manufacturers, Nissan, Jeep, Tesla quickly fix their security holes, Mitsubishi through their inaction are sending the message that they don't care about the security of their vehicles.

There is also false information on their website, the page says:

With the Wi-Fi disabled, the functions which are on the App can still be performed from inside the vehicle using the infotainment screen.

Hmm, not true, it is not possible to set ad hoc pre-conditioning, timed pre-conditioning needs to be programmed. The app allows a single button press to warm/cool the car. Ditto for the charging timer. Or turn the lights on or off via the infotainment system etc.

Security is important to me. The car advertises itself via it's in built hotspot wherever it is driven. Which is kinda creepy as I can see when my wife has returned as the car's SSID pops up on my WiFi scanner.

Be interesting to see if/how they fix it, opportunity here to completely fluff it as per the Mitsubishi of the 70's to late 90's or come out smelling of roses.