Nissan Leaf App Disabled Over API Vulnerability That Allowed Hacking

Nissan has removed the ability to control the heating and cooling of its electric Leaf car via the NissanConnect EV app, following a security report.

Troy Hunt, an Australian Internet of Things researcher, demonstrated that the dedicated smartphone app could be hacked and used to control the systems of other cars. He showed that it lets remote hackers access the Leaf's temperature controls. What is more, a hacker could alter the driving record of the car, and the only information needed for that is the car's vehicle identification number (VIN).

Hunt posted a note on his blog, where he describes the flaw and how he found it. The researcher says that he alerted Nissan on Jan. 23 about the issue and made it public after security forums started debating it online.

Steve Yaeger from Nissan said that the problems relating to the app had "no effect whatsoever on the vehicle's operation or safety."

The company pointed out that the 200,000 Leaf vehicles on the streets are safe, and drivers can get behind the wheel in "total confidence." Nissan said that the functions that were previously controlled via the smartphone app can still be operated in manual mode. This makes the Leaf's heating and cooling options just as easy to modify as in any non-electric vehicle.

The automaker promised that it will deliver an updated, safe variant of the NissanConnect EV app in a timely fashion.

Hunt explained that the security liability does not affect the driving process, but it should be a warning sign for car manufacturers.

"Security cannot be an afterthought nor something we're told they take seriously after realizing that they didn't take it seriously enough in the first place," Hunt says.

He goes on to add that automakers need to be wary before jumping in the "Internet of things craze," if they treasure the safety of their customers.

Reiner Kappenberger, a product manager at HPE Security, says that Nissan is in luck. The fact that the vulnerability was discovered by a "white hat" means that it can be resolved before a malevolent hacker uses it for vile purposes.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.