Nissan has turned off its connected car app for the Leaf and e-NV200 models after a security flaw was revealed yesterday (Wednesday 24th February). The NissanConnect EV app allowed hackers to remotely control some of the car’s systems via a security flaw.
None of the car’s essential driving or safety functions could be affected, nor could any potential hackers control any of the car’s systems while it was moving. However, the security flaw meant that functions such as the air-conditioning could be controlled by someone who didn’t own the NissanConnect EV account.
Journey information could also be accessed, though no location details, as the only information that was needed was the car’s VIN (Vehicle Identification Number). This is normally etched into the car’s windscreen, making it easy to discover.
Security researcher Troy Hunt discovered the flaw a month ago and alerted Nissan to the problem. However, he believes the company should have taken action earlier, reports the BBC.
From his base in Australia, Mr Hunt was able to access functions of his friend’s Nissan Leaf in the UK. While his friend was sitting in the car without anything switched on and the key out of the car, Mr Hunt was able to turn the heated seat and steering wheel on, and the air-conditioning.
Users can’t access the app currently while Nissan looks into a fix. A statement from Nissan says: “The NissanConnect EV app – formerly called CarWings – is currently unavailable. This follows information from an independent IT consultant and a subsequent internal Nissan investigation that found the dedicated server for the app had an issue that enabled the temperature control and other telematics functions to be accessible via a non-secure route.
“No other critical driving elements of the Nissan Leaf or eNV200 are affected, and our 200,000-plus LEAF and eNV200 drivers across the world can continue to use their cars safely and with total confidence.
“We apologise for the disappointment caused to our Nissan Leaf and eNV200 customers who have enjoyed the benefits of our mobile apps. However, the quality and seamless operation of our products is paramount. We’re looking forward to launching updated versions of our apps very soon.”