Nissan Leaf App Pulled Over Security Flaw
The popular Nissan Leaf electric car has pulled its companion app after an IT expert had found flaws where the air conditioning system and heating systems could be hijacked remotely. Also journey data could be pulled. The expert revealed that potential hackers could remotely take control of these systems as long as the hacker had the vehicle’s VIN number. He did go on to state that this couldn’t be achieved though if the car was in motion.
The first characters of the VIN number refer to the vehicle’s brand and the model of car, country where it was manufactured or the location of the company’s headquarters. Usually with a VIN number it is only the last few characters that differ, the expert revealed that there is noting to stop a hacker developing a code whereby the program goes through every a 100,00 different variations of the VIN number and tries to control the heating in each vehicle. This would then give the hacker the information he needs that the car exists.
A hacker wouldn’t even need the app to do this activity; he could do it via a web browser. Due to these findings Nissan launched a internal investigation to ascertain the seriousness of the threat. They have stated that no critical elements of the driving experience can be affected and that Nissan Leaf drivers can continue to drive their vehicles. The only functions affected are those that can be controlled by a mobile phone via the app. IT has now been taken offline and they have stated that they are going to launch an updated version of their app very soon.
Gone are the days when all you had to worry about with your car is whether it would start or not in the morning, filling up at the pumps and trying to get cheap car insurance cover– the new era of ‘Smart Cars’ and apps to look to improve the driving experience have brought about issues with potential security flaws and data collection in recent years. This is a subject to pay attention to in the coming years if in the market for a new car.