autoevolution
 

Nissan Leaf Vehicles Vulnerable to Hackers, Carmaker Working on a Fix

Nissan has restricted the access to and has temporarily stopped downloads of their NissanConnect EV app over safety concerns after several Leaf models got hacked.
Nissan Leaf 1 photo
Photo: Nissan
The NissanConnected EV app is a tool designed for customers, and it can pre-program specific car functions, like the temperature preset for the climate control, along with battery charging and monitoring previous trips.

All 200,000 Nissan Leaf customers that use this app are affected by the shut-off, and Nissan plans to launch a security update to fix the vulnerability.

Apparently, a skilled hacker could have access to the system if they know the VIN of the car. The vulnerability was not discovered by Nissan, but by Troy Hunt, a researcher and security consultant working with Microsoft.

According to Hunt, people should take IT security seriously and consider it just as important as personal safety. If you ask us, it's best to keep a close eye on both.

Due to the glitch in the NissanConnected EV app, hackers can remotely adjust the temperature in Nissan Leaf vehicles that don’t belong to them and view the driver’s trip history. Thankfully, that is all the access the hackers have to the Nissan Leaf.

The Japanese carmaker has deactivated the service for all customers to prevent further hacking. However, Nissan representatives have specified that the cars pose no danger to customers and are safe to use, just without the mobile app.

As Automotive News reports, the Australian researcher in security warned about the flaw on January 23. The vulnerability was discovered while Troy Hunt was in Norway, where an attendant to a workshop volunteered his Nissan Leaf for hacking.

Initially, they did not expect to be able to crack the security protocols between the vehicle and the smartphone, but the participants at the workshop quickly realized they could exploit a vulnerability in the way the security protocols of this car and its app worked.

All the hacker needed to know was the last five figures of a vehicle’s VIN. The demonstration worked even from across the world, showing that the vulnerability applies to the Internet, and the attacker and victim do not have to be in the same city or country for it to be exploited.

The researcher stated that he would have liked Nissan to act faster in such situations. The security specialist considers this type of flaw as a sort of thing that requires interruption of service until it is permanently fixed. Nissan officials responded that they have been in discussion with Mr. Hunt since last month and conducted an internal investigation to check his findings.

Unlike last year’s Jeep Cherokee hack through the UConnect system, the Nissan Leaf hack does not endanger the driver or others on the road, as the hacker cannot control the vehicle. However, the owner could have some awful days if a hacker would target him or her and raise or lower the temperature inside the car to an uncomfortable level on a day to day basis.

Troy Hunt explains how a Nissan Leaf can be hacked

If you liked the article, please follow us:  Google News icon Google News Youtube Instagram X (Twitter)
About the author: Sebastian Toma
Sebastian Toma profile photo

Sebastian's love for cars began at a young age. Little did he know that a career would emerge from this passion (and that it would not, sadly, involve being a professional racecar driver). In over fourteen years, he got behind the wheel of several hundred vehicles and in the offices of the most important car publications in his homeland.
Full profile

 

Would you like AUTOEVOLUTION to send you notifications?

You will only receive our top stories