Jump to content
Forums Gone... but not forgotten!
Pontiac of the Month

FBIRD69's 1969 Firebird

2024 March
of the Month

  • Rev up your passion for Pontiacs and join our vibrant community of enthusiasts!

    Whether you're a die-hard fan of classic muscle cars or you've got a soft spot for sleek modern models, you've found your home here at Forever Pontiac. Our community is dedicated to celebrating everything Pontiac, from the iconic GTO to the legendary Firebird and everything in between.

    Unlock access to expert advice, stunning photo galleries, engaging discussions, exclusive events, and more!

    Start your Pontiac journey with us today!

    Sign up now! 🏁

Car and Driver: Nissan Blocking Leaf Smartphone App Due to Security Flaw


FeedBot

Recommended Posts

2016 Nissan Leaf

-

Nissan shut down one of its smartphone apps this week after an Australian software developer found that Leaf owners were highly vulnerable to data theft and hackers controlling parts of their cars.

-

-

The NissanConnect EV app, which allows Leaf (and e-NV200) owners to check their electric car’s battery status, analyze their driving habits, and activate climate control and battery charging, has been disabled.

-

Developer Troy Hunt detailed his finds on his website; the problem essentially boil down to Nissan neglecting to use standard authentication. Using a VIN generator to ping available cars, Hunt found he could gain access to the app’s remote functions—switching on his friend’s heated seats in Norway all the way from Australia, as one example—and could view logs of his driving history. Other exploits involve disabling the car’s charging process or repeatedly turning on the air conditioning. While Hunt couldn’t view personal information like names or addresses or pinpoint a car’s exact location, he considered the issue serious enough to report it to Nissan the next day. That was more than a month ago.

-

Comparing the Leaf flaw to the Jeep Cherokee hacks, Hunt wrote it was “good in that it doesn’t impact the driving controls of the vehicle, yet bad in that the ease of gaining access to vehicle controls in this fashion doesn’t get much easier—it’s profoundly trivial.” Nissan responded quickly, Hunt said, and company spokesman Steve Yaeger told us an updated app would be available soon, although he declined to give a specific date. The app functionality is still available over a regular web browser.

-

Nissan-Leaf-NissanConnect-app

-

“No other critical driving elements of the Nissan Leaf or eNV200 are affected, and our 200,000-plus LEAF and eNV200 drivers across the world can continue to use their cars safely and with total confidence,” Yaeger wrote. “The only functions that are affected are those controlled via the mobile phone—all of which are still available to be used manually, as with any standard vehicle.”

-

When asked about the company’s wider-reaching NissanConnect service—which does offer remote unlocking, remote start, vehicle tracking, and other telematics functions—Yaeger did not respond whether Nissan was looking into similar security holes.

-
--
-

Nissan, like Fiat-Chrysler and General Motors before it, has been extremely lucky to run into ethical “white hat” hackers like Hunt, who probe weak computer systems in order that nefarious “black hat” hackers won’t discover them first. But so far, automakers haven’t demonstrated confidence in locking down such complex software, especially those with the power to control a vehicle wirelessly.

-

“As car manufacturers rush towards joining in on the ‘internet of things’ craze, security cannot be an afterthought nor something we’re told they take seriously after realizing that they didn’t take it seriously enough in the first place,” he said.

-jcopD3fP8AQ

Read Full Article

Link to comment
Share on other sites

Tired of these Ads? Register Today!

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Tired of these Ads? Purchase Enhanced Membership today to remove them!
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.