Troy Hunt who is behind the website HaveIBeenPwned has come across and documented a vulnerability in the Nissan Leaf that will leave owners of the electric car cold. He found that there’s no security in the popular electric car as demonstrated by this:
- Download a copy of the Nissan Connect app
- Get the Vehicle Identification Number of a Nissan Leaf that you wish to Pwn and enter it into Nissan Connect.
- Congratulations, you’ve just pwned the car.
The good news is that you can’t remotely start the engine or remotely take control of anything like the steering, brakes or anything of the sort as was the case with the Jeep hack from last year. However, the bad news is that you could flip on the air conditioning or something and drain the battery. That’s not trivial as you can’t simply jump start an electric car to get yourself home. This has been verified by others out there in quite a few countries as soon as Mr. Hunt posted this.
Now Nissan has apparently taken the Nissan Connect service off line, and they’ve have told outlets like the BBC the issue is not “life-threatening” and that it will work on a “permanent and robust solutions”. But none of that changes the fact that this was likely a badly secured “feature” that should never have been released to the public and Nissan along with every other car maker needs to do what I’ve been saying for a while, which is to take security in cars far more seriously.
Like this:
Like Loading...
Related
This entry was posted on February 25, 2016 at 9:31 am and is filed under Commentary with tags Nissan. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Nissan Leaf Can Be Easily Pwned By ANYONE
Troy Hunt who is behind the website HaveIBeenPwned has come across and documented a vulnerability in the Nissan Leaf that will leave owners of the electric car cold. He found that there’s no security in the popular electric car as demonstrated by this:
The good news is that you can’t remotely start the engine or remotely take control of anything like the steering, brakes or anything of the sort as was the case with the Jeep hack from last year. However, the bad news is that you could flip on the air conditioning or something and drain the battery. That’s not trivial as you can’t simply jump start an electric car to get yourself home. This has been verified by others out there in quite a few countries as soon as Mr. Hunt posted this.
Now Nissan has apparently taken the Nissan Connect service off line, and they’ve have told outlets like the BBC the issue is not “life-threatening” and that it will work on a “permanent and robust solutions”. But none of that changes the fact that this was likely a badly secured “feature” that should never have been released to the public and Nissan along with every other car maker needs to do what I’ve been saying for a while, which is to take security in cars far more seriously.
Share this:
Like this:
Related
This entry was posted on February 25, 2016 at 9:31 am and is filed under Commentary with tags Nissan. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.