Jump to content
Forums Gone... but not forgotten!
Pontiac of the Month

Damon Lewis' 1977 Can Am

2021 July
of the Month

  • Welcome!

    Welcome to Forever Pontiac, where we keep the memory of Pontiac alive with great discussion, maintenance tips, restoration/modification progression "blogs" and help from professional & DIY mechanics. Also, wonderful competitions that occur regularly. Please register for an absolutely free account to join in!

Car and Driver: Nissan Blocking Leaf Smartphone App Due to Security Flaw


Recommended Posts

2016 Nissan Leaf


Nissan shut down one of its smartphone apps this week after an Australian software developer found that Leaf owners were highly vulnerable to data theft and hackers controlling parts of their cars.



The NissanConnect EV app, which allows Leaf (and e-NV200) owners to check their electric car’s battery status, analyze their driving habits, and activate climate control and battery charging, has been disabled.


Developer Troy Hunt detailed his finds on his website; the problem essentially boil down to Nissan neglecting to use standard authentication. Using a VIN generator to ping available cars, Hunt found he could gain access to the app’s remote functions—switching on his friend’s heated seats in Norway all the way from Australia, as one example—and could view logs of his driving history. Other exploits involve disabling the car’s charging process or repeatedly turning on the air conditioning. While Hunt couldn’t view personal information like names or addresses or pinpoint a car’s exact location, he considered the issue serious enough to report it to Nissan the next day. That was more than a month ago.


Comparing the Leaf flaw to the Jeep Cherokee hacks, Hunt wrote it was “good in that it doesn’t impact the driving controls of the vehicle, yet bad in that the ease of gaining access to vehicle controls in this fashion doesn’t get much easier—it’s profoundly trivial.” Nissan responded quickly, Hunt said, and company spokesman Steve Yaeger told us an updated app would be available soon, although he declined to give a specific date. The app functionality is still available over a regular web browser.




“No other critical driving elements of the Nissan Leaf or eNV200 are affected, and our 200,000-plus LEAF and eNV200 drivers across the world can continue to use their cars safely and with total confidence,” Yaeger wrote. “The only functions that are affected are those controlled via the mobile phone—all of which are still available to be used manually, as with any standard vehicle.”


When asked about the company’s wider-reaching NissanConnect service—which does offer remote unlocking, remote start, vehicle tracking, and other telematics functions—Yaeger did not respond whether Nissan was looking into similar security holes.


Nissan, like Fiat-Chrysler and General Motors before it, has been extremely lucky to run into ethical “white hat” hackers like Hunt, who probe weak computer systems in order that nefarious “black hat” hackers won’t discover them first. But so far, automakers haven’t demonstrated confidence in locking down such complex software, especially those with the power to control a vehicle wirelessly.


“As car manufacturers rush towards joining in on the ‘internet of things’ craze, security cannot be an afterthought nor something we’re told they take seriously after realizing that they didn’t take it seriously enough in the first place,” he said.


Read Full Article

Link to comment
Share on other sites

Tired of these Ads? Register Today!

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Tired of these Ads? Purchase Enhanced Membership today to remove them!
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.