‘Hackers can control Nissan Leaf’s heating and access driving history’:
Hackers can control features in Nissan’s Leaf electric cars over the internet, enabling them to remotely enable the air conditioning and heating, or pull information from the car including driving history, replete with GPS co-ordinates.
The car can be hacked by exploiting a weakness in the way it communicates with its companion app, NissanConnect EV. The app itself can be used to control the in-car climate and check driving range, but only for the owner’s car.
However, the security researcher Troy Hunt reports that the app’s communication with the car is entirely unauthenticated, allowing anyone to send the same commands and requests for information over the web. Worse, the only way the app specifies which car to connect to is with the vehicle identification number (Vin), which is unique to each car. But the Vin for Leaf cars only changes in the last five digits, and is frequently visibly displayed through the windscreen of cars.
The damage potential is low compared with other recent vehicle hacks, particularly the vulnerable Jeeps first reported in September 2015, which could be remotely steered and accelerated by an attacker. But it still allows an attacker to run the battery of a car flat, by leaving the central heating on for hours on end, and greatly compromises the privacy of the user.
I remember a conversation with the Zoe rep when i went to test drive one, i was saying i did not want the computer/app access or keyless entry as they were security weaknesses. He was a 30 year something and gave me this sort of completely-not-getting-it look. But yeah for sure i don’t buy into this modern era ‘convenience’ stuff 99% of the time. It’s like having a credit card you just swipe without a pin, dumb.