Some of Nissan’s Leaf cars can be easily hacked, allowing their heating and air-conditioning systems to be hijacked, according to a prominent security researcher.
Troy Hunt reported that a flaw in the electric vehicle’s companion app also meant data about drivers’ recent journeys could be spied on.
Hunt said he gave the firm a month to fix the issue before he decided to make it public.
Nissan said it could not yet comment.
The problem remains unresolved but Hunt said car owners could protect themselves by disabling their Nissan CarWings account.
Those who have never signed up are not at risk.
Hunt acknowledged that the issue was not life-threatening, but said hackers could still exploit the NissanConnect app’s vulnerability to cause mischief by running down people’s batteries.
“The right thing to do at the moment would be for Nissan to turn it off altogether,” Hunt told the BBC.
“They are going to have to let customers know. And to be honest, a fix would not be hard to do.
“It’s not that they have done authorisation [on the app] badly, they just haven’t done it at all, which is bizarre.”
The BBC contacted the Japanese carmaker but a spokeswoman said it was not yet able to comment.
Hunt said the root of the problem was that the firm’s NissanConnect app needed only a car’s vehicle identification number (VIN) to take control.
The code is usually stencilled into a car’s windscreen, making it relatively easy to copy.
The initial characters of a VIN refer to the brand, make of car, and country of manufacture or location of the firm’s headquarters.
So, Hunt said, it would only be the final numbers that varied between different Nissan Leafs based in the same region.
“Normally it’s only the last five digits that differ,” he explained. — BBC News.



