Cyber security researcher Troy Hunt reveals that a flaw in the Nissan Leaf can create vulnerabilities and compromise the driver’s journeys data.
As Mr.Hunt revealed in a blog post, a complete lack of authentication – all you need to know is a Nissan LEAF’s VIN (Vehicle Identification Number) – gives opportunities for mischief makers to steal information about your journeys, and even start or stop the air conditioning/heating.
The VIN number is usually stencilled into a car’s windscreen, making it relatively easy to copy.
Hunt tried to demonstrate the issue in a video with the help of Scott Helme, a friend and a security researcher who owns a Leaf as well.
“Being able to remotely turn on the AC for a car might not seem like a problem, but this could put a significant drain on the battery over a period of time as the attacker can keep activating it. It’s much like being able to start the engine in a petrol car to run the AC, it’s going to start consuming the fuel you have in the tank. If your car is parked on the drive overnight or at work for 10 hours and left running, you could have very little fuel left when you get back to it… You’d be stranded.”
To confirm the problem, Australia-based Troy Hunt used the VIN number of a Nissan LEAF-owning acquaintance based in the UK.
The problem remains unresolved but Mr Hunt said car owners could protect themselves by disabling their Nissan CarWings account. Those who have never signed up are not at risk.
Nissan, according to Hunt, should take action to solve the issue because of the potential impact it can bring to the vehicle’s physical function and the risk it poses to privacy.
You can find much more information in the blog post on Troy Hunt’s site.
