According to news reports, 838 Nissan has disabled its NissanConnect EV app after it was found that hackers could remotely control in-car systems.
Security researcher Troy Hunt discovered the vulnerability during a software workshop he was attending and has detailed his findings on his blog. In a test with fellow researcher Scott Helme, they found they were able to remotely turn on the car's heated seating, heated steering wheel, fans and air conditioning.
According to Helmes, “Fortunately, the Nissan Leaf doesn't have features like remote unlock or remote start, like some vehicles from other manufacturers do, because that would be a disaster with what's been uncovered. Still, a malicious actor could cause a great deal of problems for owners of the Nissan Leaf. Being able to remotely turn on the AC for a car might not seem like a problem, but this could put a significant drain on the battery over a period of time as the attacker can keep activating it.”
Paul Fletcher, cyber security evangelist at Alert Logic, comments, “The Nissan Leaf vulnerability is an issue that needs to be fixed by the manufacturer and while this vulnerability doesn’t have the same impact as the Jeep vulnerabilities documented last year, it’s an entry point into the controls of a vehicle and the potential for a more severe hack is now present."
Security researcher Troy Hunt discovered the vulnerability during a software workshop he was attending and has detailed his findings on his blog. In a test with fellow researcher Scott Helme, they found they were able to remotely turn on the car's heated seating, heated steering wheel, fans and air conditioning.
According to Helmes, “Fortunately, the Nissan Leaf doesn't have features like remote unlock or remote start, like some vehicles from other manufacturers do, because that would be a disaster with what's been uncovered. Still, a malicious actor could cause a great deal of problems for owners of the Nissan Leaf. Being able to remotely turn on the AC for a car might not seem like a problem, but this could put a significant drain on the battery over a period of time as the attacker can keep activating it.”
Paul Fletcher, cyber security evangelist at Alert Logic, comments, “The Nissan Leaf vulnerability is an issue that needs to be fixed by the manufacturer and while this vulnerability doesn’t have the same impact as the Jeep vulnerabilities documented last year, it’s an entry point into the controls of a vehicle and the potential for a more severe hack is now present."
