So Mitsubishi apparently has no business process for reporting security issues but they are aware that security is important!
I was shocked to read that GM was the second major (first if you don't count Tesla as major) automaker to set up a responsible disclosure program. [1]
1. http://arstechnica.com/security/2016/01/gm-embraces-white-ha...
Besides, it seems like a rather simple solution would be to simply allow owners to change the PSK for the AP in the car.
No need to disable the alarm; it is already largely useless for its intended purpose. :/
Actually that has happened once to my parents' car. The alarm saved the wheels. Thieves wanted to steal the wheels (not the whole car) and they managed to unscrew 3 of them when they accidentally activated the alarm and ran away. Funny, they left their car jack behind.
Anyway, it is a pity they didn't analyze the security level of the OBD2 interface and other systems connected to the ECU or CAN bus. I saw a few YouTube videos of thieves stealing cars: they get into a car and in a few minutes they just switch the engine on and drive away. From the outside, it really doesn't look suspicious - probably most people seeing this would not notice the car was being stolen. This shouldn't be that easy - there's certainly something wrong with the design of the factory anti-theft systems.
Part of the problem is just plain oversensitivity (alarms being set off by passing trucks and such), and part of it is bad design. For example, my alarm will go off if you close the trunk. That's completely nonsensical: when the car is secure, the trunk will already be closed, and opening it would be the appropriate trigger. But it does mean that I occasionally set it off in my garage because I left the trunk open, locked the car, then came back and closed it.
EDIT: I'm surprised it costs 1,000 GBP to cloud-hack a PSK of this length, considering there are lots of GPUs mining cryptocurrencies at about $0.15 an hour.
AFAIK, at least officially licensed BMW dealerships can do this, and the VW software (VAG COM) for car shops has leaked countless times.
As soon as you have access to the OBD port, all you need is either cracked dealer software or some low-paid dude with an interest in earning side money and keys to the dealership. Or, if you want to avoid people calling the cops on you, buy/steal a tow truck with a lift. No one will call the cops if they hear a thief alarm and a tow truck with flashing yellow lights - people will assume either the legit owner has a breakdown or, to up the game if you have another (stolen) car with blue lights, the cops are towing the vehicle.
The whole thing is kind of meh.