Nissan Disables Its Smartphone App After Hackers Use It to Control Leaf Electric Car

February 25, 2016 at 1:41 PM

As cars get more connected, the risk of their becoming vulnerable to hackers increases exponentially. And it looks like Nissan has learned that lesson the hard way.

The Japanese automaker has completely disabled the smartphone companion app for its Leaf electric vehicle after a security researcher proved hackers could use it to remotely control certain components of the car.

The app, NissanConnect EV, lets Leaf owners remotely charge their vehicles, as well as control the heat and air conditioning. But according to Australian security researcher Tory Hunt, the app can be hacked so that anyone in the world could take control of the vehicle’s heating and cooling system at will.

In a test conducted with fellow researcher Scott Helme, Hunt was able to connect to Helme’s Leaf (which was in the U.K.) from Australia. During the test, Hunt was able to activate the car’s temperature controls and pull up information about how far Helme had driven his Leaf during recent road trips.

To take control of Helme’s vehicle, Hunt needed to know its vehicle identification number (VIN). Without that VIN, the hack doesn’t work. But as Hunt and Helme showed, the VIN on every Leaf is the same except for the last five digits. That means the researchers could simply add five numbers to the end of a VIN to try to hack into a random Leaf somewhere in the world.

It’s important to note that the Leaf hack didn’t impact any part of the vehicle’s driving controls, so owners were never at risk of being forced into accidents. But in Hunt’s post, Helme details how a hacker could potentially use the exploit to run down the Leaf’s battery by repeatedly activating the air conditioner.

What’s more troubling is that Hunt said he brought the hack to Nissan’s attention weeks ago, but the automaker took no action. Only when Hunt’s story began to garner some attention did the company disable the app.

In a statement, Nissan said the decision to disable the app “follows information from an independent IT consultant and subsequent internal Nissan investigation that found the dedicated server for the app had an issue that enabled the temperature control and other telematics functions to be accessible via a non-secure route.”

The company went on to explain that while the app is currently unavailable, drivers can still use their vehicle’s manual temperature controls. What’s more, the vehicles can still be controlled via Nissan’s desktop site, which wasn’t affected by the security problem.

Nissan says it will make the app available again when it addresses the vulnerability issue.

The idea that cars can be hacked isn’t exactly new. Last year, 60 Minutes ran a report demonstrating how hackers can take control of a vehicle’s functions, including brakes and windshield wipers. But that vehicle was hacked in a controlled environment and required extensive work to take over.

So far, hackers haven’t been able to remotely hack and take control of a vehicle’s driving system in the wild. But as with any device that’s connected to the Internet, it is probably just a matter of time before such a serious hack occurs.

That’s why it behooves automakers and security experts to work together to keep connected cars safe.

Email Daniel at dhowley@yahoo-inc.com; follow him on Twitter at @DanielHowley.

Yahoo Sports
WNBA Draft winners and losers: As you may have guessed, the Fever did pretty well. The Liberty? Perhaps not
Here are five franchises who stood out, for better or for worse.
4d ago
Yahoo News
Trump trial updates: Jury selection finished, man sets himself on fire outside courthouse
Five more alternate jurors were selected Friday following questioning from prosecution and defense lawyers, rounding out the 12 jurors and six alternates needed for the case against Trump to proceed.
3h ago
Yahoo Sports
Yankees pitcher Fritz Peterson, infamous for trading wives with a teammate, dies at 82
Former New York Yankees left-hander Fritz Peterson died at the age of 82. He is probably best known exchanging wives with teammate Mike Kekich in the 1970s.
5d ago
Yahoo Sports
Boban Marjanović hilariously misses free throws on purpose to give Clippers fans free chicken
Boban Marjanović is a man of the people.
5d ago
Yahoo Sports
Robert Kraft reportedly warned Falcons owner Arthur Blank not to trust Bill Belichick during head coach interviews
Bill Belichick's former boss Robert Kraft reportedly tanked his chances of getting hired as the Falcons head coach.
2d ago
Yahoo Sports
Jaromír Jágr scores in first game since turning 52, passes Gordie Howe as oldest professional hockey player
Jágr began his NHL career in 1990 with the Pittsburgh Penguins.
7h ago
Yahoo Sports
NBA playoffs: Predictions for Knicks-Sixers, Nuggets-Lakers and every first-round series
Our NBA experts make their predictions for every first-round series in the playoffs.
7h ago
Yahoo Sports
Fantasy Baseball Waiver Wire: A little something for every lineup in our latest pickups
Fantasy baseball analyst Andy Behrens offers up a series of pickups to assist every manager, starting with a duo of Rockies ahead of a Colorado homestand.
7h ago
Yahoo Sports
UFC 300: 'We're probably gonna get sued' after Arman Tsarukyan appeared to punch fan during walkout
'We'll deal with that Monday,' Dana White said about Arman Tsarukyan appearing to punch a fan during his UFC 300 walkout.
5d ago
Yahoo Sports
Rob Gronkowski's first pitch before the Red Sox's Patriots' Day game was typical Gronk
Never change, Gronk.
4d ago
Yahoo Sports
Nike responds to backlash over Team USA track kits, notes athletes can wear shorts
The new female track uniform looked noticeably skimpy at the bottom in one picture, which social media seized upon.
6d ago
Yahoo Sports
Rangers' Jack Leiter strikes out first batter he faces but gets roughed up by Tigers in historic MLB debut
Leiter lasted 3 2/3 innings in his MLB debut for the Rangers.
1d ago
Yahoo Finance
Trump Media stock jumps for second day as company goes to battle with short sellers
Trump Media is advising investors on ways to prevent their shares from being loaned for a short-interest position.
1d ago
Autoblog
2024 Toyota Land Cruiser Review: Cool, capable, family friendly, perhaps too pricey
Everything we know about the all-new 2024 Toyota Land Cruiser, including its price, fuel economy, hybrid power specs and more.
5h ago
Yahoo Sports
Justin Pippen, Scottie Pippen's youngest son, commits to Michigan
Justin Pippen, the youngest son of NBA legend Scottie Pippen, announced he will be playing college basketball next season at Michigan.
1h ago
Yahoo Sports
Early MLB season evaluations, which teams are up and which are down, Jack Leiter debut
Jake Mintz & Jordan Shusterman give their early season assessment of all thirty MLB teams at the three week mark, as well as discuss the long-awaited debut of Texas Rangers pitcher Jack Leiter.
2d ago
Yahoo Sports
76ers' statue for Allen Iverson draws jokes, outrage due to misunderstanding: 'That was disrespectful'
Iverson didn't get a life-size statue. Charles Barkley and Wilt Chamberlain didn't either.
7d ago
Yahoo Sports
Fantasy Baseball Trade Analyzer: Is it time to sell high on Aaron Nola?
Fred Zinkie examines two pitchers to deal while their value is trending up and a few others it's worth trying to acquire.
2d ago
Autoblog
Report: The Toyota Highlander is going all-electric
Recent reports point to a new Highlander EV and plug-in versions of Toyota's trucks.
1d ago
Yahoo Sports
Former Augusta National Golf Club employee charged with stealing millions in Masters memorabilia
The former employee was a warehouse coordinator in charge of Masters memorabilia.
1d ago

News

Life

Entertainment

Finance

Sports

New on Yahoo

Nissan Disables Its Smartphone App After Hackers Use It to Control Leaf Electric Car

Recommended Stories

WNBA Draft winners and losers: As you may have guessed, the Fever did pretty well. The Liberty? Perhaps not

Trump trial updates: Jury selection finished, man sets himself on fire outside courthouse

Yankees pitcher Fritz Peterson, infamous for trading wives with a teammate, dies at 82

Boban Marjanović hilariously misses free throws on purpose to give Clippers fans free chicken

Robert Kraft reportedly warned Falcons owner Arthur Blank not to trust Bill Belichick during head coach interviews

Jaromír Jágr scores in first game since turning 52, passes Gordie Howe as oldest professional hockey player

NBA playoffs: Predictions for Knicks-Sixers, Nuggets-Lakers and every first-round series

Fantasy Baseball Waiver Wire: A little something for every lineup in our latest pickups

UFC 300: 'We're probably gonna get sued' after Arman Tsarukyan appeared to punch fan during walkout

Rob Gronkowski's first pitch before the Red Sox's Patriots' Day game was typical Gronk

Nike responds to backlash over Team USA track kits, notes athletes can wear shorts

Rangers' Jack Leiter strikes out first batter he faces but gets roughed up by Tigers in historic MLB debut

Trump Media stock jumps for second day as company goes to battle with short sellers

2024 Toyota Land Cruiser Review: Cool, capable, family friendly, perhaps too pricey

Justin Pippen, Scottie Pippen's youngest son, commits to Michigan

Early MLB season evaluations, which teams are up and which are down, Jack Leiter debut

76ers' statue for Allen Iverson draws jokes, outrage due to misunderstanding: 'That was disrespectful'

Fantasy Baseball Trade Analyzer: Is it time to sell high on Aaron Nola?

Report: The Toyota Highlander is going all-electric

Former Augusta National Golf Club employee charged with stealing millions in Masters memorabilia