Jump to content
Forums Gone... but not forgotten!

Tired of these Ads? Register Today!

Pontiac of the Month

360Rocket's 1970 GTO

2019 March
of the Month

  • Welcome to Forever Pontiac

    We are a community of Pontiac enthusiasts. The purpose of our community is to keep alive the Pontiac spirit by sharing (or showing off) our cars, discussing Pontiac, helping each other work on our cars and find information, plus attend various meets/shows/etc... To aid discussion, sharing, event planning and selling of parts/cars/anything, we have various parts of the website to aid this from Forums to an online Garage to Classifieds to even a Document Download Repository. You can find links to these in our navigation above based on what each section helps with (discussion, local events, learning, etc...).

    We invite you to contribute, find help or just view some of our member's amazing cars! Don't forget, we also have great contests from time to time (like our Pontiac of the Month and yearly calendar contest) and our Pontiac This OR That, a fun game where you choose the best of two randomly selected Pontiacs from our online garage.

    We look forward to seeing you around!

Sign in to follow this  
FeedBot

Car and Driver: Nissan Blocking Leaf Smartphone App Due to Security Flaw

Recommended Posts

2016 Nissan Leaf

-

Nissan shut down one of its smartphone apps this week after an Australian software developer found that Leaf owners were highly vulnerable to data theft and hackers controlling parts of their cars.

-

-

The NissanConnect EV app, which allows Leaf (and e-NV200) owners to check their electric car’s battery status, analyze their driving habits, and activate climate control and battery charging, has been disabled.

-

Developer Troy Hunt detailed his finds on his website; the problem essentially boil down to Nissan neglecting to use standard authentication. Using a VIN generator to ping available cars, Hunt found he could gain access to the app’s remote functions—switching on his friend’s heated seats in Norway all the way from Australia, as one example—and could view logs of his driving history. Other exploits involve disabling the car’s charging process or repeatedly turning on the air conditioning. While Hunt couldn’t view personal information like names or addresses or pinpoint a car’s exact location, he considered the issue serious enough to report it to Nissan the next day. That was more than a month ago.

-

Comparing the Leaf flaw to the Jeep Cherokee hacks, Hunt wrote it was “good in that it doesn’t impact the driving controls of the vehicle, yet bad in that the ease of gaining access to vehicle controls in this fashion doesn’t get much easier—it’s profoundly trivial.” Nissan responded quickly, Hunt said, and company spokesman Steve Yaeger told us an updated app would be available soon, although he declined to give a specific date. The app functionality is still available over a regular web browser.

-

Nissan-Leaf-NissanConnect-app

-

“No other critical driving elements of the Nissan Leaf or eNV200 are affected, and our 200,000-plus LEAF and eNV200 drivers across the world can continue to use their cars safely and with total confidence,” Yaeger wrote. “The only functions that are affected are those controlled via the mobile phone—all of which are still available to be used manually, as with any standard vehicle.”

-

When asked about the company’s wider-reaching NissanConnect service—which does offer remote unlocking, remote start, vehicle tracking, and other telematics functions—Yaeger did not respond whether Nissan was looking into similar security holes.

-
--
-

Nissan, like Fiat-Chrysler and General Motors before it, has been extremely lucky to run into ethical “white hat” hackers like Hunt, who probe weak computer systems in order that nefarious “black hat” hackers won’t discover them first. But so far, automakers haven’t demonstrated confidence in locking down such complex software, especially those with the power to control a vehicle wirelessly.

-

“As car manufacturers rush towards joining in on the ‘internet of things’ craze, security cannot be an afterthought nor something we’re told they take seriously after realizing that they didn’t take it seriously enough in the first place,” he said.

-jcopD3fP8AQ

Read Full Article

Share this post


Link to post
Share on other sites

Tired of these Ads? Register Today!

:rofl: 

Share this post


Link to post
Share on other sites

:picard: 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

Tired of these Ads? Purchase Enhanced Membership today to remove them!
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.