1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Nissan Leaf owners: Prepare to be pranked by hackers thanks to insecure API

Discussion in 'Network World' started by RSS, Feb 24, 2016.

  1. RSS

    RSS New Member Member

    Another day, another flaw revealed in the Internet of insecure things. If you have a Nissan Leaf, then prepare yourself to potentially be pranked by friends, frenemies – even complete strangers on the other side of the world. All a person needs is your Vehicle Identification Number (VIN) – which happens to be visible on your Leaf for anyone who wants to see it – and for you to use the Nissan Leaf remote management app.

    Security pro Troy Hunt revealed that pranksters can switch on and off your heat or AC while your car is parked as well as exploit other options available to Nissan Leaf electric car owners via the companion NissanConnect EV app. The vulnerabilities are in the mobile management APIs which allow car owners to “check the state of battery charge, start charging, check when battery charge will complete, see estimated driving range, and turn on or off climate control system.” If anyone has your VIN, and you use the app, then they too can control those options via a web browser.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page