Nissan Leaf “Hackable” According To Security Experts

Nissan Leaf “Hackable” According To Security Experts

A pair of security experts, Scott Helme and Troy Hunt, have released a video that shows that the Nissan Leaf can be hacked through the company’s remote management apps’ APIs. While there is no danger to drivers, it shows that there are vulnerabilities nonetheless.

Nissan Leaf hacked from 10,000 miles away

In the video released by the pair, it shows that one of the pair, Mr. Hunt, in Australia was able to manipulate the Nissan Leaf owned by a friend of his in the UK while Mr. Helme sat in that vehicle.

Corsair Capital Adds 17.5% In 2021, Notes “Change In Leadership” In Markets

According to a recent interview, Corsair Capital's founder Jay Petschek did not plan to be a hedge fund manager. After holding various roles on Wall Street, Petschek decided to launch the fund in January 1991, when his family and friends were asking him to buy equities on their behalf. He realized the best structure for Read More

Having discovered the hack, Mr. Hunt contacted Nissan and gave the automaker 30 days to fix the problem before he went public with the information this week. Nissan, is apparently working on the problem, but chose not to comment when contracted by the BBC.

At the very worst, someone hacking your car could drain your battery through the use of the Nissan Leaf’s seat warmers or air conditioning. The vulnerabilities in the API for both Android and iOS mobile apps don’t seem to work when the car is in motion and again there is nothing even close to “disable brakes” written into either app.

“The right thing to do at the moment would be for Nissan to turn it off altogether,” Mr Hunt told the BBC.

“They are going to have to let customers know. And to be honest, a fix would not be hard to do.

“It’s not that they have done authorisation [on the app] badly, they just haven’t done it at all, which is bizarre.”

He also pointed out that Nissan Leaf owners can disable their Nissan CarWings account and disable remote access to their cars.

In order to gain access to the car through the apps, a potential hacker would need to have the car’s VIN number. Thing is, all Nissan Leafs have the VIN number “SJNFAAZE0U60” prefacing them and then five additional digits. While you need those digits, you can see them through the windshield of the Nissan Leaf so it’s right there for anyone interested.

Now hacking a Tesla is another animal

While this discovery hardly shows the danger in someone accessing your car, it shows a larger problem. If someone were to take control of your Tesla Model S while in “auto-pilot” mode, that could lead to a really bad day.

While I trust Tesla’s security is much greater than Nissan’s, it shows that makers of self-driving cars and other cars that are connected to the Internet will need to be very careful working forward into the future.

The Tesla Model S’ auto-pilot is upgraded via the internet when the company wishes to make improvements based on improvements to the system.

Nissan Leaf hack not completely harmless

“It’s not as bad as it could be,” Mr Helme told the BBC.

However, Helme pointed out that the hack allows the hacker to observe your movements and that’s certainly a bit creepy and as you’ll read, inconvenient.

“But if I was to monitor your movements over the course of the week and learn when you go to and from work, shortly after you got to your office I could run the heating for the remainder of the day,” said Helme.

“That would potentially leave you with very little power – certainly not enough to get back home.”

Following Nissan’s failure to fix the problem pointed out by Hunt or to inform the public, Hunt went public.

“I decided we were past the point of not letting the cat out of the bag,” he said.

“Unfortunately what we are seeing is just another case of security being important after a problem is discovered,” he added.

Updated on

While studying economics, Brendan found himself comfortably falling down the rabbit hole of restaurant work, ultimately opening a consulting business and working as a private wine buyer. On a whim, he moved to China, and in his first week following a triumphant pub quiz victory, he found himself bleeding on the floor based on his arrogance. The same man who put him there offered him a job lecturing for the University of Wales in various sister universities throughout the Middle Kingdom. While primarily lecturing in descriptive and comparative statistics, Brendan simultaneously earned an Msc in Banking and International Finance from the University of Wales-Bangor. He's presently doing something he hates, respecting French people. Well, two, his wife and her mother in the lovely town of Antigua, Guatemala. <i>To contact Brendan or give him an exclusive, please contact him at [email protected]</i>
Previous article Big Data & Investment Management: The Potential To Quantify Traditionally Qualitative Factors
Next article Break Up The Big Banks? Seven Reasons Why That’s A Bad Idea

No posts to display