Leaf chronic security risk with NissanConnect EV app.
Discussion
Bonkers. Saw this on speakev while digging around for info.
http://www.troyhunt.com/2016/02/controlling-vehicl...
TL;DR
The app is completely unsecure. Someone can paste a URL into a browser with a valid VIN and remotely turn on/off AC running the battery down, as well as disclosing your driving history (times, efficiency, state of charge, etc).
As soon as this gets out to the wider hacker community I suspect all manner of people will try f
king about with random VINs just for the hell of it.
To solve - disable NissanConnect and don't use it. No response from Nissan at this time despite knowing about it for over a month!
http://www.troyhunt.com/2016/02/controlling-vehicl...
TL;DR
The app is completely unsecure. Someone can paste a URL into a browser with a valid VIN and remotely turn on/off AC running the battery down, as well as disclosing your driving history (times, efficiency, state of charge, etc).
As soon as this gets out to the wider hacker community I suspect all manner of people will try f
king about with random VINs just for the hell of it.To solve - disable NissanConnect and don't use it. No response from Nissan at this time despite knowing about it for over a month!
The functionality has now been disabled after the publication of the blog post yesterday.
http://www.usatoday.com/story/tech/news/2016/02/24...
http://www.usatoday.com/story/tech/news/2016/02/24...
Gassing Station | EV and Alternative Fuels | Top of Page | What's New | My Stuff