A couple of security researchers have disclosed a hack involving Nissan's Leaf that allows anyone with an Internet connection and a web browser to gather data and control certain aspects of the electric vehicle from anywhere in the world.
As renowned security researcher Troy Hunt recounts in the video above, a student in one of his security workshops discovered a way to gain access to Nissan's electric Leaf without using the company's mobile app. Further research confirmed the vulnerability that allows a user to retrieve data from a Leaf and control the HVAC system even if the car isn't on.
All that's needed to pull off the hack is a vehicle's VIN, or Vehicle Identification Number. These aren't exactly hard to come by as they're required by law to be displayed through the windshield of all vehicles. The first several characters are almost always the same for a particular make and model so all that changes is the last five digits.
Hunt says he made multiple attempts over the past month to get Nissan to resolve the matter with no luck which is why he has decided to go public with it.
The good news is that the hack isn't as "dangerous" as the Jeep hack disclosed last summer. The bad news? It's extremely easy to hack into the Leaf. Theoretically, someone could run the car's battery down by using the heater all day and night but more concerning are the privacy implications.
All things considered, Hunt said Nissan needs to fix this.
