
Published on March 4th, 2016 | by Kyle Park Points


Nissan Leaf Security Flaws Leaked


Troy Hunt, a prominent security researcher, has exposed a flaw in the NissanConnect app which allows a remote user to access controls on Nissan Leafs (Leaves?) with only a Vehicle Identification Number (VIN).


Hunt was able to control several remote features on a Nissan Leaf by exploiting security flaws in the company’s phone app. Using the same process as the app, hackers can tamper with controls of a Nissan Leaf from just about any location.

By using his computer as a proxy between the internet and the app, the original hacker who discovered the flaw (not Hunt) was able to view the requests made from the app to Nissan’s servers. In doing so, this anonymous hacker was able to see that the Vehicle Identification Number (VIN) was being used to identify Leafs in these requests.

Furthermore, the app’s requests require no authentication or authorization.

With only a Leaf’s VIN, the vehicle can be accessed and controlled remotely, and, by law, VINs are typically etched in the window of every car.
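The request pattern described above, next to a hardened version, as an added example that is not from the article, Hunt's research or Nissan's code. The handler names, status codes, token format and VINs are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample data: account -> VINs it owns (placeholder VINs, not real vehicles).
OWNED_VINS = {"alice": {"TESTVIN0000000001"}, "bob": {"TESTVIN0000000002"}}
SERVER_KEY = secrets.token_bytes(32)  # per-process key used to sign session tokens


def _mac(account: str) -> str:
    return hmac.new(SERVER_KEY, account.encode(), hashlib.sha256).hexdigest()


def issue_token(account: str) -> str:
    """Issued after the owner logs in; binds later requests to that account."""
    return f"{account}.{_mac(account)}"


def account_from_token(token: Optional[str]) -> Optional[str]:
    """Return the account a token was issued to, or None if missing or forged."""
    if not token or "." not in token:
        return None
    account, mac = token.rsplit(".", 1)
    # Constant-time comparison on bytes so a malformed MAC cannot raise or leak timing.
    ok = hmac.compare_digest(mac.encode(), _mac(account).encode())
    return account if ok else None


def climate_vin_only(vin: str) -> int:
    """Flawed pattern: the VIN both selects the vehicle and acts as the credential."""
    known = set().union(*OWNED_VINS.values())
    return 200 if vin in known else 404


def climate_authorized(vin: str, token: Optional[str]) -> int:
    """Hardened pattern: authenticate the caller, then check VIN ownership."""
    account = account_from_token(token)
    if account is None:
        return 401  # no valid session: reject before the VIN is even considered
    if vin not in OWNED_VINS.get(account, set()):
        return 403  # same answer for unknown and foreign VINs, so no enumeration oracle
    return 200
```
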

When made aware of the flaw, Hunt took action. He made contact with colleague and fellow security researcher Scott Helme to create a demonstration. With Helme in the United Kingdom and Hunt in Australia, Hunt was able to control Helme’s Nissan Leaf from across the world. The trial was documented in the following video.

Hunt was able to access the vehicle and obtain private statistics that could potentially be used maliciously, including data on recent trips, the distances of those trips, power usage, and the car’s charge state. Hunt was also able to access the Heating, Ventilating and Air Conditioning (HVAC) system and control the car’s AC and heating elements, including the seat warmers: basically, anything the app is programmed to access.


Australia-based Hunt is a security researcher and has been named a Most Valuable Professional for Developer Security by Microsoft. Hunt does not work for Microsoft but has received the title for his community contributions in the field. After contacting Nissan and finding the flaw unresolved after a month, Hunt finally decided to release his findings, which were already recognized by select Leaf owners worldwide.

Nissan has been dismissive of any security risks, noting that control is only accessed for non-vital features, as a spokeswoman commented in a recent BBC article.

Hunt disagrees, views the company’s “security through obscurity” as ineffective, and has said that Nissan could easily discontinue the service until the flaws are fixed.

As of now, any Leaf owner who wishes to avoid potential cyber trouble can unregister their NissanConnect app and disable their Nissan CarWings account to prevent any unauthorized access.





  • AaronD12

    This article is not timely. Nissan has already disabled the CarWings service so these exploits cannot be used anymore.

  • darth

    Correction, the app has been disabled. You can still access CarWings features through the owners portal, which does not rely on the security flaw.
