Security researcher discloses "profoundly trivial" hack involving Nissan Leaf electric vehicles

By Shawn Knight ยท 5 replies
Feb 24, 2016
Post New Reply
  1. A couple of security researchers have disclosed a hack involving Nissan's Leaf that allows anyone with an Internet connection and a web browser to gather data and control certain aspects of the electric vehicle from anywhere in the world.

    As renowned security researcher Troy Hunt recounts in the video above, a student in one of his security workshops discovered a way to gain access to Nissan's electric Leaf without using the company's mobile app. Further research confirmed the vulnerability that allows a user to retrieve data from a Leaf and control the HVAC system even if the car isn't on.

    All that's needed to pull off the hack is a vehicle's VIN, or Vehicle Identification Number. These aren't exactly hard to come by as they're required by law to be displayed through the windshield of all vehicles. The first several characters are almost always the same for a particular make and model so all that changes is the last five digits.

    Hunt says he made multiple attempts over the past month to get Nissan to resolve the matter with no luck which is why he has decided to go public with it.

    The good news is that the hack isn't as "dangerous" as the Jeep hack disclosed last summer. The bad news? It's extremely easy to hack into the Leaf. Theoretically, someone could run the car's battery down by using the heater all day and night but more concerning are the privacy implications.

    All things considered, Hunt said Nissan needs to fix this.

    Permalink to story.

  2. Technician

    Technician TS Addict Posts: 677   +114

    First he says from anywhere in the world, then he mentions but you need to look thru the windshield of the car. That's not easy if the car is on a different continent or even if the driver (Like me) has the VIN covered by a dash cover.
  3. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,274

    They can pull you over for obscuring your VIN... well they can over here anyway, but it's nothing that a little bribe won't rectify.
  4. Kibaruk

    Kibaruk TechSpot Paladin Posts: 3,285   +900

    Right, cause information over internet is just over your windshield... and it's extremely hard to randomly select the last 5 digits to just wreak random havoc
  5. Per Hansson

    Per Hansson TS Server Guru Posts: 1,957   +214

    The VIN of a car can be easily found online, for example via a Carfax report.
  6. I'll happily take photo's of VINs for cash

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...