Thursday, January 18, 2018

Tag: Mitsubishi

Capabilities enable mid-size organizations to know as much about their workforce as they do about their customers

SAN FRANCISCO at Dreamforce ’16 and CHICAGO at the 19th Annual HR Tech Conference (October 4, 2016) – Fairsail, provider of award-winning global cloud HRIS for the mid-market, today announced details of its enhanced People Analytics capabilities, built using Salesforce Wave Analytics – a mobile-first, revolutionary analytics platform that provides flexible business intelligence.

Fairsail People Analytics revolutionizes the way organizations use information, enabling them to know as much about their people as they know about their customers; transforming businesses into people companies by enabling People Scientists to discover hidden patterns in data, predict future trends and gain new insights to make better informed people decisions and proactively take the most impactful actions. Fairsail is the first human resources information system (HRIS) to leverage Salesforce Wave Analytics.

This new capability provides businesses with a level of visibility beyond the typical information available to HR, delivered through the latest visualization techniques and optimized for Android and iOS mobile devices. Management teams benefit from having a more complete view of their workforce, enabling them to deliver outstanding workforce experiences and encourage maximum performance from their people. “In order to best manage talent, companies need full visibility into their workforce. Yet, for the modern, global organization, doing so presents significant challenges, like identifying which employees hold critical IP about products or customers, and whether those individuals are happy,” said Adam Hale, CEO of Fairsail. “Our new People Analytics help People Scientists gain predictive insights and be more proactive, providing a more holistic understanding of people through increased contextual information from multiple sources, not just HR.

This helps companies get the best out of their workforce because they now have more complete information on how to improve engagement and performance, or mitigate the attrition risk of key staff.”

HR professionals and company leaders are often limited in the people information they can access, as it is usually restricted to data from HR apps and dashboards.

Fairsail solves this challenge by combining fragmented and siloed internal and external information about their people into one integrated set of dashboards and analytics.

This includes internal sources like finance systems or payroll, to understand the costs associated with each employee or department, as well as publicly available data outside the organization, such as social profiles, which provide a more rounded picture of employees and their interests.

Fairsail People Analytics key capabilities include:

Leading visualization techniques: With thematic maps, combination graphs, funnel charts, waterfall charts and more, Fairsail provides easy-to-understand, actionable insights, and can superimpose data on thematic or choropleth maps to uncover spatial patterns and reveal unrecognized trends. It could also be used to show the locations of employees who pose the greatest flight risk, determined through Fairsail’s Flight Risk Radar, which alerts managers to early warning signals such as an employee taking a series of single days off or behavioral changes like arriving at work late or leaving early.

Integration with leading platforms: Fairsail People Analytics provides organizations with the ability to supplement existing HR data stored in Fairsail with additional data from other external systems, including leading integration platforms such as Informatica, IBM, Snaplogic, Mulesoft and others.

“Fairsail provides the data-driven approach that forward-looking companies need to become proactive in achieving the best from their workforce; we’re continually seeking new ways for them to gain actionable insights that may otherwise remain hidden,” Hale added. “Our new People Analytics further cement our position as a leader in providing great workforce experiences by leveraging multiple sources of data about employees, and presenting these in an easy-to-understand format that allows organizations to optimize their people potential.”

Fairsail will introduce and demo its People Analytics capabilities, as well as its wide range of solutions, at two major industry events this week.

The company will showcase its solutions at Dreamforce ’16 in San Francisco (Booth 2043) and at the 19th Annual HR Technology Conference and Expo, at McCormick Place in Chicago (Booth 425).

Both events take place October 4-7, 2016. Additional information about Fairsail’s People Analytics capabilities can be accessed here.

About Fairsail

Fairsail enables mid-size, multinational companies to manage modern workforces through its global cloud HRMS, transforming how organizations acquire, engage, manage and develop their people.
Implemented quickly and simple to use, the award-winning system increases workforce visibility, HR productivity and provides better experiences across the entire workforce.

Fairsail’s customer portfolio includes Aveva, Cobalt International Energy, Huddle, Mitsubishi UFG, Paddy Power Betfair, Sage, SDL, Skyscanner, and SolarWinds.

Additional Resources

Learn more about Fairsail on the website. Follow Fairsail on Twitter and the Fairsail Blog.

Note to editors: Trademarks and registered trademarks referenced herein remain the property of their respective owners.

PR Contact: Kate Fletcher, Fairsail, +44 (0)
[Image: The Last Ship, Warner Bros Television]

A massive leak of documents on India’s new military submarines from French shipbuilder DCNS is the result of a hack, the country's defence minister said on Wednesday. Manohar Parrikar claimed, according to local reports, that the entire designs of its Scorpene submarines hadn't been disclosed. “First step is to identify if its related to us, and anyway its not all 100 percent leak,” he was quoted as saying. The documents were made public by The Australian on Tuesday, which described the breach as an “Edward Snowden-sized leak.” A DCNS spokesperson told Ars: “DCNS has been made aware of articles published in the Australian press related to the leakage of sensitive data about Indian Scorpene.

This serious matter is thoroughly investigated by the proper French national authorities for defence security.

This investigation will determine the exact nature of the leaked documents, the potential damages to DCNS customers as well as the responsibilities for this leakage.” Although the 22,000-page cache of documents dates from 2011, it gives very detailed technical information about the combat capability of the Scorpene vessels, which are currently in use in Malaysia and Chile.
India signed the £2.6 billion deal for six of the boats in 2005—they are to be built in conjunction with an Indian government-owned Mumbai shipbuilder—and Brazil is due to deploy the vessels in 2018. Such sensitive information in the wrong hands would have huge ramifications for national security in all four countries. “It appears that the source of leak is from overseas and not in India,” Parrikar said, vowing to investigate further. Australia is also very concerned.

Earlier this year, DCNS won an AUS$50 billion contract—the country’s largest-ever defence deal—to build a new submarine fleet.

The French group saw off bids from Germany’s ThyssenKrupp AG and a Japanese-government consortium of Mitsubishi Heavy Industries and Kawasaki Heavy Industries. Details about the Australian contract, expected to run into the 2050s, weren't disclosed in the leak.

But it has raised concerns about the data security of the defence project.

The country's prime minister Malcolm Turnbull said the leak was a reminder of the importance of cyber security, but claimed that Australia, where the 4,500-tonne Shortfin Barracuda submarines will be built, has “high security standards”—an assertion called into question in the recent census debacle.

This post originated on Ars Technica UK
The French are said to be going ballistic

India is investigating a security breach affecting its French-built Scorpene-class submarines after more than 22,000 pages covering its secret capabilities were leaked. First reported in The Australian, the documents offer details on the designs of the submarines, which were put together by French company DCNS. Based on the Scorpene design, and dubbed the Kalvari class, the first diesel-electric boat is due to enter service by the end of this year. The Australian posted redacted excerpts from the leaked documents on its site, and reported it had seen thousands of pages offering details of the Scorpene’s underwater sensors, above-water sensors, its combat management system, its torpedo launch system and specifications, and its communications and navigation systems. According to Reuters, Indian Defence Minister Manohar Parrikar told reporters: “I understand there has been a case of hacking. We will find out what has happened.” India bought six submarines from DCNS back in 2005, costing roughly US $3.5bn in total.

DCNS outbid Germany’s ThyssenKrupp, as well as a Japanese government-supported bid by a Mitsubishi and Kawasaki joint venture, to win the Australian contract. According to Reuters, a DCNS spokesperson said the company wouldn’t immediately authenticate the documents but additionally did not “rule out that the leak was part of an ‘economic war’ waged by the competitors it beat in the contest for the Australian contract.”

Devastating impact

Excerpts of the documents which were posted on The Australian’s website contained critically sensitive information on the submarine, a political source with “decades of experience in the global arms industry” told Reuters. Including technical manuals and models of the boat’s antennas, the leak exposes the new submarines' secrets in an unforgivable way: “If it’s 22,400 pages, it’s a major stuff-up, it’s a huge deal. It allows them to understand everything about the submarines. What speeds it can do; how noisy it is; what speeds the mast can be raised at… all of that is just devastating,” said Reuters’ source.

The set-back to the Indian Navy comes while its existing fleet of 13 subs – only half of which are operational at any time, according to Reuters – are trying to contest China's maritime presence in the Indian Ocean. A statement from the Indian Navy confirmed that the available information about the leak “is being examined at Integrated Headquarters, Ministry of Defence (Navy) and an analysis is being carried out by the concerned specialists.” The Navy added: “It appears that the source of leak is from overseas and not in India.” The Australian noted that DCNS won a bid to design 12 vessels for Australia’s new submarine fleet back in April, and the leak threatens the stealth advantages for the new submarines being designed for Oz. DCNS has not responded to The Register's requests for comment by the time of publication.
Remote control eavesdrop clone is 'master key'

Security researchers will highlight vulnerabilities in keyless entry systems that impact on the protection against theft of millions of cars at a conference tomorrow. The researchers, led by University of Birmingham computer scientist Flavio Garcia alongside colleagues from German engineering firm Kasper & Oswald, said they'd found that it was possible to clone a VW Group remote control after eavesdropping on a signal. The hack means it's possible for thieves to unlock cars even if the owners have locked them. Worse yet, almost every vehicle the Volkswagen group has sold for the last 20 years – including cars badged under the Audi and Skoda brands – is potentially vulnerable, say the researchers.

The problem stems from VW’s reliance on a “few, global master keys”. El Reg asked Volkswagen’s PR team to comment on the upcoming research but we didn’t hear back at the time of going to press. We’ll update this story as and when we hear anything more. During an upcoming presentation, entitled Lock It and Still Lose It – on the (In)Security of Automotive Remote Keyless Entry Systems, at the Usenix security conference (abstract below), the researchers are also due to outline a different set of cryptographic flaws in keyless entry systems as used by car manufacturers including Ford, Mitsubishi, Nissan and Peugeot. The two examples are designed to raise awareness and show that keyless entry systems are insecure and ought to be re-engineered in much the same way that car immobilisers were previously shown to provide less than adequate protection.

While most automotive immobiliser systems have been shown to be insecure in the last few years, the security of remote keyless entry systems (to lock and unlock a car) based on rolling codes has received less attention. In this paper, we close this gap and present vulnerabilities in keyless entry schemes used by major manufacturers. In our first case study, we show that the security of the keyless entry systems of most VW Group vehicles manufactured between 1995 and today relies on a few, global master keys. We show that by recovering the cryptographic algorithms and keys from electronic control units, an adversary is able to clone a VW Group remote control and gain unauthorised access to a vehicle by eavesdropping a single signal sent by the original remote. Secondly, we describe the Hitag2 rolling code scheme (used in vehicles made by Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault, and Ford among others) in full detail. We present a novel correlation-based attack on Hitag2, which allows recovery of the cryptographic key and thus cloning of the remote control with four to eight rolling codes and a few minutes of computation on a laptop. Our findings affect millions of vehicles worldwide and could explain unsolved insurance cases of theft from allegedly locked vehicles.

Garcia was previously blocked from giving a talk about weaknesses in car immobilisers following a successful application to a British court by Volkswagen.

This earlier research on how the ignition key used to start cars might be subverted was eventually presented last year, following a two-year legally enforced postponement. The latest research shows how tech-savvy thieves might be able to unlock cars locked by the vehicles' owners without covering how their engines might subsequently be turned on. Wired reports that both attacks might be carried out using a cheap $40 piece of radio hardware to intercept signals from a victim’s key fob.

Alternatively, a software defined radio rig connected to a laptop might be employed.

Either way, captured data can be used to make counterfeit kit.
[Image credit: Frank Derks]

Over at Wired, Andy Greenberg reports that security researchers have discovered how to use software defined radio (SDR) to remotely unlock hundreds of millions of cars. The findings are to be presented at a security conference later this week and detail two different vulnerabilities.

The first affects almost every car Volkswagen has sold since 1995, with only the latest Golf-based models in the clear. Led by Flavio Garcia at the University of Birmingham in the UK, the group of hackers reverse-engineered an undisclosed Volkswagen component to extract a cryptographic key value that is common to many of the company's vehicles. Alone, the value won't do anything, but when combined with the unique value encoded on an individual vehicle's remote key fob—obtained with a little electronic eavesdropping, say—you have a functional clone that will lock or unlock that car. VW has apparently acknowledged the vulnerability, and Greenberg notes that the company uses a number of different shared values, stored on different components.

The second affects many more makes, "including Alfa Romeo, Citroën, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot," according to Greenberg. It exploits a much older cryptographic scheme used in key fobs called HiTag2. Again it requires some eavesdropping to capture a series of codes sent out by a remote key fob. Once a few codes had been gathered, they were able to crack the encryption scheme in under a minute. Similar techniques have been linked to a number of car thefts, including most recently in Houston. It seems the power of 1990s-era automotive-grade encryption is helpless in the face of $40 Arduinos and SDR.
Swells the ranks of ethical hackers at Secarma

Secarma, the cyber security business owned by UKFast chief exec Lawrence Jones, has bought application security specialists Pentest Limited, reportedly for £10m. The CHECK and CREST accredited company, whose 45-strong team work with global blue chip organisations, will add a team of ethical hackers to Secarma's roster. John Denneny, managing director for Altrincham, Cheshire-based Pentest Limited, said: “The deal gives us the opportunity to invest in our people and its future growth to a degree that we could not match standalone." Pentest Limited is unrelated to Buckinghamshire-based Pen Test Partners of Mitsubishi Outlander and iKettle hacking fame. Penetration testing (AKA pen testing or ethical hacking) is a core service offered by many security consultancies to corporates, so it's not too surprising there are a few firms whose names share the same root. The security team at Pentest are set to move to UKFast's main offices in Manchester, where a cyber research lab and SOC are being built. Pentest Ltd filed abbreviated accounts for the year ended 31 May 2015 showing total net assets of £1.259m. Manchester-based UKFast started off as a business-focused ISP but these days describes itself as a cloud infrastructure provider.
Hey, this isn't the way to Chad's house... and who unlocked the doors?

Two unpatched vulnerabilities in BMW's ConnectedDrive web portal create a mechanism to manipulate car settings, a security researcher warns. The first (and more serious) vulnerability creates a means for a hacker to access another driver’s Vehicle Identification Number (VIN) before changing in-car settings such as lock/unlocking the vehicle, accessing email accounts, managing routes and real-time traffic information as managed through BMW's In-Car Infotainment Systems.

The second (lesser) issue involves a reflected cross-site scripting bug on BMW’s ConnectedDrive portal password reset webpage. Both flaws were uncovered by security researcher Benjamin Kunz Mejri of Vulnerability Laboratory, who went public with two advisories (here and here). El Reg has put in a request for comment on the flaws to BMW but is yet to hear back from the German carmaker. We’ll update this story as and when we hear more. Kunz Mejri explained: “The VIN ID is connected to the configuration of the cars.

After the first login you have to add a valid VIN to access the configuration.

The manipulation allows to bypass the validation approval of the VIN and to access your configuration.

At the end an attacker is able to fully (unauthorised) access the configuration of another BMW car user.”

The cross-site scripting flaw also needs addressing, according to Kunz Mejri. “The XSS is at the location of the secure token that is approved for each login requested,” he explained. “An attacker can send a valid token with this payload to exploit the BMW portal account users.” The bug has been estimated to be of medium severity.

The security issues with BMW’s connected car technology follow earlier issues with its kit and come just weeks after security shortcomings in the Mitsubishi Outlander were exposed by security researchers at Pen Test Partners. Independent security experts argue that a re-think in vehicle security architectures is overdue. Simon Moffatt, EMEA director of advanced customer engineering at identity and access management firm ForgeRock, commented: “The BMW zero-day vulnerability that allows VIN session hijacking is yet another example of why an identity-centric approach to connected device management is essential in reducing risk and enhancing user experience.

As more and more objects join the Internet of Things, high-end items such as connected cars will become increasingly attractive targets for hackers. “Whilst manufacturers focus on end user experience and device connectivity, there needs to be a more joined-up approach to security, including a strong focus on device, service and user identity management,” he added.
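The two portal weaknesses described above, modelled as an added example (this is not BMW's code and not the advisories' proof-of-concept): the VIN-based configuration access needs a server-side check that the VIN is bound to the authenticated account, and the password-reset token must be validated and HTML-escaped before the page reflects it. The account names, VINs, registry and markup are all constructed placeholders.

```python
"""Added example, not BMW's code: a toy model of the two ConnectedDrive flaws
described above. All accounts, VINs and markup are constructed placeholders."""
from html import escape

# Constructed registry: which account has legitimately registered which VIN.
# (Placeholder VINs, not real vehicles.)
ACCOUNT_VINS = {
    "alice": {"VINPLACEHOLDER00001"},
    "bob": {"VINPLACEHOLDER00002"},
}
# Constructed per-vehicle settings the portal exposes.
CAR_CONFIG = {
    "VINPLACEHOLDER00001": {"doors": "locked"},
    "VINPLACEHOLDER00002": {"doors": "locked"},
}


class Forbidden(Exception):
    pass


def get_config_vulnerable(session_user, vin):
    """Weak pattern: once logged in, the portal trusts whatever VIN the client
    supplies, so any account can read or change another driver's settings."""
    if session_user not in ACCOUNT_VINS:
        raise Forbidden("not logged in")
    return CAR_CONFIG[vin]


def get_config_hardened(session_user, vin):
    """Object-level authorization: the VIN must be bound to the authenticated
    account in the server's own registry, never taken on trust from the request."""
    if session_user not in ACCOUNT_VINS:
        raise Forbidden("not logged in")
    if vin not in ACCOUNT_VINS[session_user]:
        raise Forbidden("VIN is not registered to this account")
    return CAR_CONFIG[vin]


def set_doors(session_user, vin, state, authz=get_config_hardened):
    """Every state-changing action goes through the same authorization path."""
    cfg = authz(session_user, vin)
    cfg["doors"] = state
    return cfg


def access_allowed(handler, session_user, vin):
    """True if handler grants session_user access to vin's configuration."""
    try:
        handler(session_user, vin)
        return True
    except Forbidden:
        return False


# Reflected XSS on the password-reset page: the token echoed into the form.
TOKEN_ALPHABET = frozenset("0123456789abcdef")


def token_is_well_formed(token, length=32):
    """Reject anything that is not a hex token of the expected length before it
    is reflected or looked up, so a token carrying a 'payload' never gets far."""
    return len(token) == length and set(token) <= TOKEN_ALPHABET


def render_reset_page_vulnerable(token):
    """Reflects the token verbatim into an attribute: a '"' in it breaks out."""
    return f'<input type="hidden" name="token" value="{token}">'


def render_reset_page_hardened(token):
    """Validate the shape, then HTML-escape (html.escape quotes " and ' too)."""
    if not token_is_well_formed(token):
        return "<p>Invalid reset link.</p>"
    return f'<input type="hidden" name="token" value="{escape(token)}">'
```

The authorization fix is deliberately one line: the lookup goes through the server's own account-to-VIN registry rather than anything the client sent. The reset page uses both checks because they cover different things: the allow-list rejects malformed tokens outright, and escaping keeps the output safe even if a future change widens the token alphabet.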
Steve Hughes, who heads CTRM software company Aspect, has been named the sector’s CEO of 2016 by Wealth & Finance Magazine. Made as a result of a combination of votes from readers and the magazine’s in-house researchers, the award notes that under Hughes’ leadership Aspect has emerged as the sector’s disruptor, changing the way global trading operations approach trade and risk management and taking market share from larger legacy CTRM vendors.

[Image: Aspect's Hughes, CEO of the Year. See the complete interview on the Wealth & Finance website, pages 20-23.]

Aspect has overturned the legacy CTRM model of on-premises IT infrastructure and software licenses with a new approach based on a simple subscription-based Cloud-hosted service accessed through desktop and portable browsers. Deployment timelines under the old model were typically measured in many months or longer. With Aspect’s software-as-a-service (SaaS) delivery model deployment times tumble to weeks and in some instances just a few days, with cost of ownership falling accordingly. Initially Aspect focused its sales efforts on mid-tier trading houses unable to afford the costly legacy model and still relying on cheap but unreliable spreadsheets to aid tracking of trades.

But sector confidence in the security and integrity of the Cloud has grown, and Aspect has gained a reputation for benchmark functionality and much lower costs.

The company has long-time major-league customers like Trafigura and Mitsubishi, and in the last few months has signed multiple international firms including Hess, BP, MENA Energy, Klesch and Gulf Petrochem.
In 2015 Aspect grew sales of its AspectCTRM solution by 71% over the previous year. Accepting the Wealth & Finance Magazine award, Hughes said: “The commodity trading industry is under tremendous pressure right now with shrinking lines of credit, regulatory changes and the ultra-low price of many commodities. However, each of these pressures drive new clients to our solutions. We are in the right place at the right time… by design.”

About Aspect

Aspect is a leading global provider of multi-commodity trade, risk and operations management applications delivered Software-as-a-Service (SaaS) in the cloud. With almost 500 customers in 90 countries, it’s one of the fastest growing providers with rapid deployment, affordable subscriptions, and immediate ROI for all size companies.
Solutions include AspectCTRM®, a full-featured commodity trading and risk management enterprise suite for front, middle and back office.
It’s available in three editions: Lite, Standard and Enterprise, expanding in functionality according to the needs and budgets of clients.

Aspect is the only ETRM/CTRM solutions provider with market data and analytics tools delivered with its trade and risk functions on the same platform.

This provides users with a seamless packaged solution beginning with pre-trade pricing analysis and market assessments via AspectDSC.

Aspect’s solutions are available on desktop, tablets and mobile devices and through its new Aspect Partner Program (APP).

Media Contact: Brigette Gebhard, Aspect, +1
As we've noted before, Ars readers are extremely skeptical about the whole "connected car" thing.

That's not because Ars is a technology site for luddites—the sad truth is that the car industry's approach to security lags far behind its desire to expose the inner thoughts of our cars to us via the cloud. As the tech and auto industries collide, the tech crowd is hoping that its more farsighted approach to ensuring secure hardware and code will start to rub off on its new bedfellow. On Wednesday and Thursday this week, the two have come together in Michigan for TU-Automotive Detroit, a conference that's focusing in part on this very topic.

And tech firms—from established players like Symantec to startups like Karamba Security—want to help the automakers find their way. The glaring lack of connected security for our cars got mainstream attention last year when Fiat Chrysler had to recall 1.4 million vehicles, but despite the FBI's plea to motorists to remain aware of security issues in cars, the driving public doesn't seem too concerned.

Earlier this week, research firm Forrester announced that more than one in three Americans wants their next car to have better Internet connectivity. Meanwhile, the hacks keep happening. Nissan's API for its Leaf electric vehicle allowed completely anonymous requests to cars. Mitsubishi might have decided to enable connected car services for its Outlander via the vehicle's Wi-Fi in part to safeguard against attacks in the cloud, but it forgot that Wi-Fi needs some common sense security protections, too.

It's a problem that's common across the Internet of Things, but it's particularly troublesome for our cars, according to Dirk Gates, founder of Wi-Fi network firm Xirrus. "This is a growing problem with IoT devices: vendors trying to take short cuts to make their lives easier, and in the process compromising security and making their user’s lives tougher," Gates said. "We’ve seen this in the past with printers and projectors, even toy drones, but this sort of massive shortcut on a car is unprecedented, and it shows that all IoT manufacturers, even the big guys, need to wake up and take security seriously."

"There are no shortcuts when it comes to making an IoT device a proper network endpoint supporting all the appropriate forms of security," he continued. "And to make customers' lives easier, these devices should all communicate through a cloud interface to not only allow ubiquitous access but also to provide another layer of authentication and security."

Part of the issue, according to Brian Witten, Symantec's senior director for IT, is the way that car companies integrate new and existing electronic systems into the vehicles they build. With the exception of a few young upstarts like Tesla, no one starts with a completely clean sheet of paper. Rather, modules and components and code are brought in from tiers of suppliers; the OEM's job is to integrate that all together.
"There's such little reuse of software within the car [industry] because each supplier has their own codebase.

Everyone is running different operating systems," Witten told Ars. "Most systems-heavy industries have moved to simplifying codebases.

The auto industry's dependence on suppliers in such a tiered structure (with autonomy and inadequate security) hasn't worked in their favor.

Aviation doesn't work in the same way.

Train systems are more integrated.

Established OEMs have challenges that a lot of new players don't have, and other industries don't have either." "We crash test cars, but we don't crash test software.

There needs to be more security testing before these vehicles hit the road," Witten said. "There's an opportunity with software to deliver functionality in much shorter time cycles [than the industry norm]. Of course, it still needs to go through security and safety testing before the build is wrapped.

But I'm optimistic it can be done safely in much shorter time frames than hardware.

A problem is that a lot of security engineers haven't worked on extremely constrained devices [like the various modules in our cars], and a lot of embedded engineers haven't had to think seriously about security." Symantec moved into the automotive security field in 2015 and has just released the third of its products for the industry, an anomaly detection system that constantly monitors the CANbus (the Controller Area Network bus is the car's internal electronic network) for signs of malicious behavior.

The code isn't processor-intensive (Witten says it uses about six percent of a CPU), and it runs on hardware already in our cars, from security gateways to infotainment systems. "We need to be able to find footprints in the sand," Witten said in reference to fighting the hacking threat. "We've been in machine learning since 2004 and have tracked over a trillion security events in the cloud.
So we wanted to use that ability and those tools to build something for the car industry." Witten told us that Symantec has already signed on several of the largest OEMs and expects the company's tech will shortly be going into about 10 million new cars a year, although it declined to name them due to industry confidentiality agreements. He was cautious to point out, though, that there won't be a single fix—or even a single company—that OEMs can turn to in order to solve their security woes. Symantec's Anomaly Detection starts off learning what "normal" is for a particular model of car during the development process, building up a picture of automotive information homeostasis by observing CANbus traffic during production testing. Out in the wild, it uses this profile of activity to compare against the car it's running on, alerting Symantec and the OEM in the event of something untoward happening. Other companies are working on other code solutions for the car companies, like Karamba's Carwall code, for example.
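An added illustration of the learn-then-compare approach Witten describes (this is not Symantec's product, whose internals the article does not give): a per-arbitration-ID profile of payload bytes and message rate is learned from known-good CAN traffic captured during testing, and frames on the running bus that fall outside it are flagged. The candump-style frame text format, the IDs and all the traffic below are constructed sample data.

```python
"""Added example, not Symantec's code: a CAN bus anomaly detector that learns a
per-arbitration-ID baseline from known-good traffic and flags deviations.
Frames use a candump-style text format '(timestamp) iface ID#HEXDATA'.
All IDs and frames below are constructed sample data."""
import re
from collections import defaultdict

FRAME_RE = re.compile(
    r"\((?P<ts>\d+\.\d+)\)\s+\S+\s+(?P<id>[0-9A-Fa-f]{3,8})#(?P<data>[0-9A-Fa-f]*)$"
)


def parse_frame(line):
    """Return (timestamp, arbitration id, payload bytes) for one frame line."""
    m = FRAME_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable frame: {line!r}")
    return float(m["ts"]), int(m["id"], 16), bytes.fromhex(m["data"])


class CanBaseline:
    """Per-ID profile learned during 'production testing': payload length,
    min/max seen for each payload byte, and peak frames-per-second."""

    def __init__(self):
        self.lengths, self.byte_min, self.byte_max, self.max_rate = {}, {}, {}, {}

    def learn(self, lines, window=1.0):
        counts = defaultdict(lambda: defaultdict(int))  # id -> time bucket -> n
        for line in lines:
            ts, cid, data = parse_frame(line)
            self.lengths.setdefault(cid, len(data))
            lo = self.byte_min.setdefault(cid, list(data))
            hi = self.byte_max.setdefault(cid, list(data))
            for i, b in enumerate(data[: len(lo)]):
                lo[i], hi[i] = min(lo[i], b), max(hi[i], b)
            counts[cid][int(ts // window)] += 1
        for cid, buckets in counts.items():
            self.max_rate[cid] = max(buckets.values()) / window
        return self

    def check(self, lines, window=1.0, rate_slack=1.5):
        """Return [(line, reason)] for frames that fall outside the baseline.
        rate_slack tolerates bursts up to 1.5x the learned peak rate."""
        alerts = []
        seen = defaultdict(lambda: defaultdict(int))
        for line in lines:
            ts, cid, data = parse_frame(line)
            if cid not in self.lengths:
                alerts.append((line, "unknown arbitration ID"))
                continue
            if len(data) != self.lengths[cid]:
                alerts.append((line, "unexpected payload length"))
                continue
            for i, b in enumerate(data):
                if not self.byte_min[cid][i] <= b <= self.byte_max[cid][i]:
                    alerts.append((line, f"byte {i} outside learned range"))
                    break
            bucket = int(ts // window)
            seen[cid][bucket] += 1
            if seen[cid][bucket] > self.max_rate[cid] * window * rate_slack:
                alerts.append((line, "rate above learned maximum"))
        return alerts


def _make_frames(cid, n, t0, period, payload_fn):
    """Constructed traffic generator: n frames of one ID at a fixed period."""
    return [f"({t0 + k * period:.3f}) can0 {cid:03X}#{payload_fn(k).hex().upper()}"
            for k in range(n)]


# Constructed 'known good' capture: a 10 Hz sensor-style frame whose first byte
# wanders between 40 and 59, and a 2 Hz status frame with a fixed payload.
BASELINE_LINES = (
    _make_frames(0x0C1, 50, 0.0, 0.1, lambda k: bytes([40 + k % 20, 0x00]))
    + _make_frames(0x1A0, 10, 0.0, 0.5, lambda k: bytes([0x01, 0x00]))
)

# Constructed traffic from the 'running' bus: one normal frame, one ID never
# seen in testing, one status frame with an impossible byte, and a burst of
# status frames far above the learned 2 Hz rate.
TEST_LINES = (
    ["(10.000) can0 0C1#2E00", "(10.050) can0 7DF#0201", "(10.100) can0 1A0#FF00"]
    + [f"(11.{k:03d}) can0 1A0#0100" for k in range(0, 12, 2)]
)


def run_demo():
    baseline = CanBaseline().learn(BASELINE_LINES)
    return baseline.check(TEST_LINES)


if __name__ == "__main__":
    for line, reason in run_demo():
        print(f"ALERT {reason}: {line}")
```

Three features (unknown IDs, payload bytes outside the learned envelope, and message rate above the learned peak) are enough to show the shape of the idea; a production detector would also model inter-arrival timing and cross-signal relationships, and the baseline would be gathered per vehicle model, as the article says Symantec does during development.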

Carwall's code can also be embedded into ECUs within our cars, where it performs real-time threat detection, preventing any unsigned code from running. It's still early days for the car industry's connected car reckoning, so expect to hear plenty more about hacked vehicles in the coming years.
Wi-Fi pre-shared key in owner's manual. Hmmm

Security weaknesses in the set-up of Mitsubishi Outlander leave the hybrid car exposed to hack attacks - including the potential for crooks to disable theft alarms. The Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV) is a top-selling family hybrid SUV. More than 100,000 of them have been sold worldwide, around 22,000 of those in the UK alone. Security researchers at Pen Test Partners began investigating the security of the car after one of its consultants noticed that the mobile app had an unusual method of connecting to the vehicle. Most remote control apps for locating the car, flashing the headlights, locking it remotely etc work using a web service hosted by either the car's manufacturer or its service provider.

Drivers communicate through the GSM mobile network via mobile data to a module on the car. The Outlander PHEV does it differently.
Instead of a GSM module, the car comes outfitted with a Wi-Fi access point.

Drivers need to disconnect from any other Wi-Fi networks and explicitly connect to the car Access Point in order to control car functions. This means that drivers can only communicate with the car from within Wi-Fi range, a huge disadvantage. Worse yet, Pen Test Partners (PTP) found that Mitsubishi had failed to implement the system securely. The Wi-Fi pre-shared key is written on a piece of paper included in the owner's manual.

The format is too simple and too short, so PTP was able to use brute force hacking techniques to crack the keys within four days.

A more powerful rig or a cloud-based system could drastically reduce the time it would take to recover these crypto keys. The access point has a unique SSID in the format: <REMOTEnnaaaa>, where "n" are numbers and "a" are lower case letters. This meant PTP’s security boffins were able to search Wireless Geographic Logging Engine and easily geolocate Outlander PHEVs, including several in the UK. A thief or hacker can therefore easily locate a car that is of interest to them, Pen Test Partners warns. Knowing the SSID and the associated PSK creates a means for attackers to mount all manner of attacks. After running a man-in-the-middle attack, Pen Test Partners gained the ability to replay various messages from the mobile app.

After working out the binary protocol used for messaging, the security researchers were able to successfully turn the lights on and off. The same approach allowed manipulation of the car electricity charging programme, forcing the car to charge up on premium rate electricity. PTP researchers further gained the ability to turn the air conditioning or heating on/off to order, draining the battery in the process. Much more seriously, PTP white hats were able to disable the £40K car’s anti-theft alarm - something that wasn’t possible in an earlier pen test against the Nissan Leaf electric car by the same team of security researchers. After sending the correct message, with no further authentication than having cracked the Wi-Fi PSK, it was possible to turn off the alarm of the Mitsubishi Outlander. Pen Test Partners’ Ken Munro commented: “Disable the alarm, prise the door or smash the window. Unlock the car. Nuts! This is shocking and should not be possible,” he added.
Once unlocked, there is potential for many more attacks against the car.

The onboard diagnostics port is accessible once the door is unlocked, opening the door to all sorts of mischief.

The full scope of potential malfeasance was beyond the scope of Pen Test Partners' research. In particular, the security researchers haven’t as yet looked at connections between the Wi-Fi module and the CANBUS. “There is certainly access to the infotainment system from the Wi-Fi module,” Munro explained. “Whether this extends to the CAN is something we need more time to investigate.” Pen Test Partners passed on its research to Mitsubishi UK (when?) before going public. Mitsubishi told the security researchers that it ‘did not consider it a problem’ and had no plans to resolve the issues PTP had unearthed. Munro expressed dismay at this response. “We had found a trivial route to disable the theft alarm of a vehicle, exposing it (or at least its contents) to theft,” Munro said. “It would not take long for someone rather less ethical to figure out the same hack and potentially share it with the vehicle theft community.” Fortunately, security-conscious Mitsubishi Outlander owners can protect themselves from attack even without action by Mitsubishi. Owners can unpair all mobile devices that have been connected to the car access point, as a short term workaround. “Once all paired devices are unpaired, the Wi-Fi module will effectively go to sleep,” Munro explained. “It cannot be powered up again until the car key remote is pressed ten times.

A nice security feature.” “This has the side effect of rendering the mobile app useless, but at least it fixes the security problem,” he added. A longer term fix is in the hands of Mitsubishi and would involve pushing new firmware to the Wi-Fi module so the mobile app can be used without creating a security risk.
In the longer term, Mitsubishi needs to re-engineer the rather odd Wi-Fi Access Point – client connection method completely, Pen Test Partners concludes. Mitsubishi has published a fix, whereby the user "Delete[s] Registration", which also has the effect of turning off the Wi-Fi access point.

The fix is half-way down this web page, under the heading "Delete Registration (Initialization Process)". Pen Test Partners said it would be demonstrating the hack live on its stand at the Infosecurity Europe trade show.