After a cyber-security specialist found out that the smartphone app specially made to remotely control some of Leaf’s functions could be hacked, Nissan decided to temporally disable it.
Concerns over cyber-security issues are increasingly growing within the auto industry, as more and more automakers are developing all sorts of smartphone application to remotely access many of the cars’ features. The technology and the trend cannot be stopped, but neither are the hackers, specialists say. These days, you can play from the distance with many functions, such as unlocking the car, open the boot, start the car or set the clime control. Nissan is one of those automakers which allows Leaf’s owner to remotely make some adjustments, through a simpler smart application called NissanConnect EV. However, it seems the app is vulnerable to hackers, as cyber-security research Troy Hunt recently discovered, disclosing the vulnerabilities on his website. He said that by knowing the car’s vehicle identification number, or VIN, outsiders could turn on the climate control, control the charging or access some private information, such as trip data, and see where the driver has been.
“Being able to remotely turn on the AC for a car might not seem like a problem, but this could put a significant drain on the battery over a period of time as the attacker can keep activating it,” Hunt wrote. “Fortunately, the Nissan Leaf doesn’t have features like remote unlock or remote start, like some vehicles from other manufacturers do, because that would be a disaster with what’s been uncovered,” he added.
Nissan confirmed Hunt’s findings and said it temporally disabled the app. “We apologize for the disappointment caused to our Nissan Leaf customers who have enjoyed the benefits of our mobile apps,” a Nissan spokesperson said. “However, the quality and seamless operation of our products is paramount. We’re looking forward to launching updated versions of our apps very soon.”
Via Troy Hunt