Nissan has disabled an app used by thousands of Leaf owners after researchers discovered cyber vulnerabilities.
Security holes that allowed strangers to access climate controls and location data had been discovered by security researcher Troy Hunt and discussed by others on message boards for several weeks. When the problems received widespread attention, Nissan investigated further and decided to halt the NissanConnect EV service until a fix is made.
“We apologize for the disappointment caused to our Nissan Leaf customers who have enjoyed the benefits of our mobile apps,” a Nissan spokesperson said. “However, the quality and seamless operation of our products is paramount. We’re looking forward to launching updated versions of our apps very soon.”
Hunt’s research determined that, with nothing more than a vehicle identification number and some basic web-development knowledge, strangers could access climate controls and trip logs for any Leaf that used the NisssanConnect EV app across the world. By turning heat or air conditioning on, at least theoretically, mischief-makers could drain the battery.
Nissan says it consulted with an independent IT consultant and conducted internal an internal investigation and confirmed Hunt’s findings that sensitive information and climate functions could be accessed via a non-secure route. No critical safety functions could be breached.