Security flaw disclosed: Nissan shuts down Leaf connectivity function

Security flaw disclosed: Nissan shuts down Leaf connectivity function

Technology News |
By eeNews Europe

The vulnerability has been disclosed by security researcher Troy Hunt in a blog post. According to the post, all a hacker needs to access the system is the Vehicle Identification Number (VIN) and the IP address associated to the vehicle. Both are relatively easy to obtain: The IP address through specific search engines and the VIN is even visible behind the vehicle’s windshield. Since only the last five digits of this number are different, it is even possible to have a computer trying out all VINs. Accessing the car remotely is greatly facilitated through the fact that Nissan’s remote interface does not require any kind of authentication from the hacker – not even a password or PIN code. With the method described in his blog post, Hunt succeeded to access a Nissan Leaf in England while he himself was sitting on his couch in Australia.

It is also possible to read out internal data of the vehicle such as charging level as well as date, time and distances driven lately. During this process, the hacked car was not even powered up.

Hunt claims he contacted Nissan earlier describing the problem and its potential for hacking attempts. Nissan was receptive, Hunt writes, but apparently the carmaker reacted rather slow so the security expert decided to go public with the problem. This time Nissan apparently reacted faster: After the blog post, the carmaker deactivated the function immediately.

Related links:
Youtube video in which Hunt explains his approach:

Hunt’s blog post:

Security flaw in BMW’s ConnectedDrive detected

Hackers take over a moving vehicle remotely

5 Best Practices for Securing the Connected Car

If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :    eeNews on Google News


Linked Articles