A cybersecurity expert has found that the Nissan Leaf can be hacked.
Troy Hunt says he reached out to Nissan and gave the company one month to fix the issue before making it public, but Nissan did not do so during that time, so Hunt went public.
The vulnerability was initially discovered at a tech security workshop Hunt was running in Norway.
An attendee who owned a Leaf was interested in doing some of his work, and he set up an app to control his car remotely, over the Internet. He inadvertently found he could control other Leafs, too.
The app in question is NissanConnect, and Hunt says he thinks that only customers who signed up for a Nissan CarWings account are affected. A hacker who takes control can fiddle with features such as the heat or air conditioning, all from an internet browser, possibly from the other end of the world. Not only that, but a curious hacker can access data about recent trips.
Hunt even put it to the test with a friend who owns a Leaf. The friend, Scott Helme, said that while he sat in his car, which was turned off, talking to Hunt on Skype, Hunt was able to type a Web address into his browser and activated the heated seats and steering wheel, along with the air conditioning.
Further testing showed that the hack didn’t work when the car was in motion, and the most important controls (steering, brakes) were unaffected. Also, when Helme unregistered from his Nissan app, Hunt lost his connection.
Hunt said that Nissan should be able to stop the hack, because the app communicates through the company’s own servers.
Hunt has as a detailed explanation on his blog, and we’ve included his video here.