Nissan's EV App Lets Hackers Mess With Your Leaf

Nissan's EV App Lets Hackers Mess With Your Leaf
An independent consultant's report says that the NissanConnect EV app could be used to hack some of the company's Leaf electric cars.

Apps are great for lots of things, but if they're going to be used with cars, they'll need beefier security.

Two security researchers, both with access to Nissan's Leaf electric vehicle, discovered vulnerabilities in a companion app that could be used to effectively hack the car.

Fortunately, no driving functions could be controlled, like with that Jeep incident last year.

Instead, the NissanConnect EV app can only compromise the features the smartphone can access. So, for example, the car's climate controls.

One of the researchers wrote a blog post detailing the app's vulnerabilities. He said that "not only could he connect to [a fellow researcher's] LEAF over the internet and control features independently of how Nissan had designed the app, he could control other people's LEAFs."

And all that's needed to hack a car over the Internet is the vehicle identification number, or VIN. Which can usually be seen from the front windshield on the driver's side.

The security hole in the app might also let hackers pull some personal information, too, like a username (which is often associated with owners' real names).

The company released a statement saying its NissanConnect EV app, which works with the Leaf and e-NV200, is unavailable as of Thursday. The company also said it would be releasing an updated app "very soon."

This video includes clips from NissanAppleWired and Troy Hunt / CC BY 3.0 and an image from Yi Chen / CC BY 3.0.