Skip to main content

Nissan’s Leaf EV can be hacked from anywhere, with just an Internet connection

If you drive a Nissan Leaf, you’ll want to pay attention. Heck, if you drive any “connected car,” this story may prove eye opening.

A computer security researcher by the name of Troy Hunt has been able to penetrate the Nissan Leaf’s software with merely a Web browser and Internet connection. Moreover, the regular ol’ Leaf was tapped from thousands of miles away, proving what Hunt hypothesized a while ago.

Recommended Videos

Though the developer was only able to access the Leaf’s HVAC (climate controls and seat heaters), his discovery raises questions about what else might be vulnerable with better resources or more time. Indeed, if the security risks lead to experiments like Chrysler’s UConnect hacking, there may be broader concerns for Leaf owners.

While at a developer conference, Hunt met an attendee who began using Nissan’s smartphone app to control features on his own Leaf not intended by the automaker. What’s worse, the developer could control other people’s Leafs as well.

On Hunt’s webpage, the researcher teams up with friend and Leaf owner Scott Helme to show how he can infiltrate Helme’s Leaf in the U.K., from his home in Australia.

Related: FCA Recalls 1.4 Million Vehicles Amid Hacking Risks

Hunt was able to access the Leaf computer to document recent trips, power usage information, charge levels, and more. He was also able to control the vehicle’s climate controls. While the latter might sound like the perfect recipe for a prank, the available data could also easily be leveraged by criminals, and non-native app functions could conceivably be made available to a skilled programmer.

Hunt showed that access to any Leaf is possible thanks to a shielded code request where the VIN can be exchanged at will. If a hacker gained access to a Leaf’s VIN (via a Web search or a glance at the vehicle’s windshield), they could perform the same experiment on that car.

Oh, and if you assumed that a hacker would be putting themselves at risk by accessing this information, Hunt notes that each API session didn’t contain origin information (it was completely anonymous).

With these findings in hand, Hunt reported the security risks to Nissan. However, as the researcher notes on his site, it’s been over a month and Nissan has yet to resolve the issue. Hunt did clarify that he was able to get in touch with the right people at the automaker post-haste, but the lack of security within the native app is still concerning.

Sure, the present risks to Nissan Leafs aren’t life-threatening (unless you’re driven insane by seemingly autonomous climate controls), but this should serve as a warning for all automotive manufacturers of connected cars: people can and will exploit security gaps.

Miles Branman
Miles Branman doesn't need sustenance; he needs cars. While the gearhead gene wasn't strong in his own family, Miles…
Tesla Model Y vs. Nissan Ariya: Can Tesla take out Nissan’s electric crossover?
Front three quarter view of the 2023 Nissan Ariya.

Nissan has been a little slow to the punch when it comes to electrification (besides the Leaf, of course). But now, it’s finally starting to electrify its lineup with the new Nissan Ariya. The Ariya is a crossover similar in size to the likes of the Ford Mustang Mach-E, the Kia EV6, and, of course, the Tesla Model Y.

If you’re in the market for a new electric car, you might be wondering whether you should go for the now-everywhere Tesla Model Y or stick with the newer Nissan Ariya. Both cars are seemingly more tech-focused, however, while the Ariya builds on Nissan’s decades of experience in the automotive industry, the Model Y takes a still-fresh approach to its car, at least compared to the competition.

Read more
Nissan wants the 2023 Ariya to be its comeback EV, but the bar has been raised
Front view of the 2023 Nissan Ariya.

Nissan played an understated role in the modern era of electric cars. While Tesla gets most of the attention, the Nissan Leaf became the first modern mass-market EV when it launched in December 2010. But Nissan has squandered that early lead. The Leaf remains a decent car, but Nissan needed to follow it up with another model, specifically an SUV, that would appeal to more car shoppers. That’s where the 2023 Nissan Ariya comes in.
The Ariya is the long-awaited sequel to the Leaf, boosting updated tech, better performance, and an SUV body style to match current trends. But during the Ariya’s long gestation (it was originally supposed to launch in 2021), other automakers have come up with electric SUVs of their own. So while it was once a leader, Nissan must now follow the Ford Mustang Mach-E, Hyundai Ioniq 5, and Kia EV6, among others.
Pricing starts at $44,485 (with destination) for the base Ariya Engage trim level with front-wheel drive and the smaller 65-kilowatt-hour (63-kWh usable capacity) battery pack. Pricing rises to $61,485 for the top Platinum+ model with all-wheel drive and a 91-kWh (87-kWh usable capacity) pack, but all-wheel drive models won’t arrive until after the front-wheel drive models. Nissan hasn’t discussed plans to assemble the Ariya in the U.S., so it likely won’t qualify for the revised federal EV tax credit.

Design and interior
If it had launched even two years ago, the Ariya would have looked cutting-edge. Its rounded exterior surfaces make a nod to aerodynamics while still preserving the SUV look buyers love. It’s a nice-looking vehicle too, but so are the Ford Mustang Mach-E, Hyundai Ioniq 5, and Kia EV6, all of which have gone on sale since the Ariya was announced in 2020. Nissan is no longer a trendsetter, but the Ariya can at least claim a more SUV-like feel than those other EVs, in both its tall profile and high-and-mighty driving position.
More significant than the styling, though, is that the Ariya rides on a new EV-specific platform. In contrast to the Leaf, which shares some of its structure with gasoline cars, engineers could take full advantage of the efficiencies of an electric powertrain and maximize interior space. Like certain other automakers, Nissan also opted out of a frunk in order to maximize passenger space, moving components like the air conditioner under the hood to make more room in the cabin.
Rounded surfaces nod to aerodynamics while still preserving the SUV look buyers love.

Read more
Destructive hacking group REvil could be back from the dead
Person typing on a computer keyboard.

There was a period in 2021 when the computing world was gripped by fear of a dizzyingly effective hacking group fittingly named REvil -- until its website was seized by the FBI and its members arrested by Russia’s security services, that is. Yet like a malevolent curse that just can’t be dispelled, it now seems the group’s websites are back online. Has the group returned to spread discord and wreak havoc once again?

In case you missed them the first time around, REvil came to global attention by hacking into various high-profile targets, pilfering secret documents, then threatening their release unless a ransom was paid. In a notable case, the group stole and published files from Apple supplier Quanta Computer, including some that spilled the beans on unreleased product designs.

Read more