Skip to main content

Nissan’s Leaf EV can be hacked from anywhere, with just an Internet connection

Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs
If you drive a Nissan Leaf, you’ll want to pay attention. Heck, if you drive any “connected car,” this story may prove eye opening.

A computer security researcher by the name of Troy Hunt has been able to penetrate the Nissan Leaf’s software with merely a Web browser and Internet connection. Moreover, the regular ol’ Leaf was tapped from thousands of miles away, proving what Hunt hypothesized a while ago.

Though the developer was only able to access the Leaf’s HVAC (climate controls and seat heaters), his discovery raises questions about what else might be vulnerable with better resources or more time. Indeed, if the security risks lead to experiments like Chrysler’s UConnect hacking, there may be broader concerns for Leaf owners.

While at a developer conference, Hunt met an attendee who began using Nissan’s smartphone app to control features on his own Leaf not intended by the automaker. What’s worse, the developer could control other people’s Leafs as well.

On Hunt’s webpage, the researcher teams up with friend and Leaf owner Scott Helme to show how he can infiltrate Helme’s Leaf in the U.K., from his home in Australia.

Related: FCA Recalls 1.4 Million Vehicles Amid Hacking Risks

Hunt was able to access the Leaf computer to document recent trips, power usage information, charge levels, and more. He was also able to control the vehicle’s climate controls. While the latter might sound like the perfect recipe for a prank, the available data could also easily be leveraged by criminals, and non-native app functions could conceivably be made available to a skilled programmer.

Hunt showed that access to any Leaf is possible thanks to a shielded code request where the VIN can be exchanged at will. If a hacker gained access to a Leaf’s VIN (via a Web search or a glance at the vehicle’s windshield), they could perform the same experiment on that car.

Oh, and if you assumed that a hacker would be putting themselves at risk by accessing this information, Hunt notes that each API session didn’t contain origin information (it was completely anonymous).

With these findings in hand, Hunt reported the security risks to Nissan. However, as the researcher notes on his site, it’s been over a month and Nissan has yet to resolve the issue. Hunt did clarify that he was able to get in touch with the right people at the automaker post-haste, but the lack of security within the native app is still concerning.

Sure, the present risks to Nissan Leafs aren’t life-threatening (unless you’re driven insane by seemingly autonomous climate controls), but this should serve as a warning for all automotive manufacturers of connected cars: people can and will exploit security gaps.

Editors' Recommendations

Miles Branman
Former Digital Trends Contributor
Miles Branman doesn't need sustenance; he needs cars. While the gearhead gene wasn't strong in his own family, Miles…
Nissan Leaf gains more driver-assistance features, new infotainment tech for 2020
2019 Nissan Leaf

The electric Nissan Leaf hatchback is entering the 2020 model year with more standard features, including a comprehensive suite of driver-assistance technology, and a correspondingly higher price. The Japanese firm also made a handful of smaller changes to its only battery-powered model to push it into the new decade.

The big news for the 2020 model year is the addition of Nissan Safety Shield 360 across the entire range. It bundles automatic emergency braking with pedestrian detection, lane departure warning, and rear automatic braking, electronic features which make the Leaf safer than the outgoing 2019 model. ProPilot Assist, which is the name of Nissan's semiautonomous driving system, remains available at an extra cost.

Read more
Outdo your neighbors with this Nissan Leaf mobile Christmas tree
nissan leaf electric car turned into mobile christmas tree



Read more
Nissan teams up with EVgo to provide free charging of Leaf vehicles in U.S.
2019 nissan leaf plus review 11

Nissan and EVgo have announced that they are providing new Nissan Leaf owners and lessees access to EVgo's U.S. charging network through a new program, called Nissan Energy Perks by EVgo. Nissan is hoping that the new program will encourage more U.S.-based drivers to switch over to an electric vehicle. Through the program, Nissan will provide $250 in charging credits to EVgo's 750 public charging station locations with more than 1,200 fast chargers. The program is for new or lease purchases of the Leaf or Leaf Plus made either on or after November 1, 2019.

"Nissan is a longtime leader in electric vehicles and this new partnership with EVgo will give Nissan Leaf owners confidence powered by tens of thousands of chargers across America," said Aditya Jairaj, director of EV sales and marketing for Nissan North America. "Convenient access to public chargers can be incredibly helpful for Leaf owners in their day-to-day lives."

Read more