Nissan’s Leaf EV can be hacked from anywhere, with just an Internet connection

If you drive a Nissan Leaf, you’ll want to pay attention. Heck, if you drive any “connected car,” this story may prove eye opening.

A computer security researcher by the name of Troy Hunt has been able to penetrate the Nissan Leaf’s software with merely a Web browser and Internet connection. Moreover, the regular ol’ Leaf was tapped from thousands of miles away, proving what Hunt hypothesized a while ago.

Though the developer was only able to access the Leaf’s HVAC (climate controls and seat heaters), his discovery raises questions about what else might be vulnerable with better resources or more time. Indeed, if the security risks lead to experiments like Chrysler’s UConnect hacking, there may be broader concerns for Leaf owners.

While at a developer conference, Hunt met an attendee who began using Nissan’s smartphone app to control features on his own Leaf in ways not intended by the automaker. What’s worse, the developer could control other people’s Leafs as well.

On Hunt’s webpage, the researcher teams up with friend and Leaf owner Scott Helme to show how he can infiltrate Helme’s Leaf in the U.K., from his home in Australia.


Hunt was able to access the Leaf computer to document recent trips, power usage information, charge levels, and more. He was also able to control the vehicle’s climate controls. While the latter might sound like the perfect recipe for a prank, the available data could also easily be leveraged by criminals, and non-native app functions could conceivably be made available to a skilled programmer.

Hunt showed that access to any Leaf is possible thanks to a shielded code request where the VIN can be exchanged at will. If a hacker gained access to a Leaf’s VIN (via a Web search or a glance at the vehicle’s windshield), they could perform the same experiment on that car.

Oh, and if you assumed that a hacker would be putting themselves at risk by accessing this information, Hunt notes that each API session didn’t contain origin information (it was completely anonymous).
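The flaw described above comes down to a server that acts on whatever VIN a request names, without knowing or recording who sent it. As an added illustration (not Nissan's code and not taken from Hunt's write-up; the handler names, action string, and VINs are all constructed), this sketch sets that pattern beside a handler that ties the VIN to an authenticated session and logs every attempt.

```python
import secrets

# Constructed sample data: which account owns which vehicle (VINs are made up).
OWNERS = {"SAMPLEVIN00000001": "alice", "SAMPLEVIN00000002": "bob"}
SESSIONS = {}    # session token -> account name
AUDIT_LOG = []   # (account, vin, action, allowed) for every hardened request


def login(account):
    """Issue an unguessable session token (credential check omitted here)."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = account
    return token


def climate_vulnerable(vin, action):
    """Pattern the article describes: the VIN alone selects the car."""
    if vin not in OWNERS:
        return 404
    return 200  # acts for any caller and records nothing about them


def climate_hardened(token, vin, action):
    """Require a session, then check that its account owns the VIN."""
    account = SESSIONS.get(token)
    if account is None:
        AUDIT_LOG.append((None, vin, action, False))
        return 401
    allowed = OWNERS.get(vin) == account
    AUDIT_LOG.append((account, vin, action, allowed))
    # Same answer for "not your car" and "no such car", so a caller
    # cannot use the response to learn which VINs are registered.
    return 200 if allowed else 404
```

The audit log addresses the anonymity point as well: every request, allowed or refused, is tied to an account or marked as unauthenticated.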

With these findings in hand, Hunt reported the security risks to Nissan. However, as the researcher notes on his site, it’s been over a month and Nissan has yet to resolve the issue. Hunt did clarify that he was able to get in touch with the right people at the automaker post-haste, but the lack of security within the native app is still concerning.

Sure, the present risks to Nissan Leafs aren’t life-threatening (unless you’re driven insane by seemingly autonomous climate controls), but this should serve as a warning for all automotive manufacturers of connected cars: people can and will exploit security gaps.

