Hacker Controls Nissan Leaf Electric Vehicle From The Other Side Of The World [Video]

Anne Sewell

Due to a security flaw in the Nissan Leaf electric car, a hacker on the other side of the world was able to take control of one car's functions and access information on what journeys the car has taken.

The Nissan Leaf is reportedly one of the most popular electric cars in the world, but recently a serious security flaw has been exposed that allows hackers access to the cars functions from literally anywhere in the world.

— Fortune (@FortuneMagazine) February 25, 2016

Hunt then uploaded a video to YouTube of the hack, showing how easy it was for him to do this.

As reported by The Verge, the Nissan Leaf has a companion smartphone app, NissanConnect, which is used by car owners to check on the status of their vehicle, including for instance the car's remaining battery range. This app was exploited by Hunt to gain access to the climate control of the car and turn on the heated seats.

Obviously, in a more serious hacking situation, this could allow malicious attackers to take control of various aspects of the Nissan Leaf vehicles, including running down the battery of a car, or even worse, accessing data on the car's recent journeys, possibly using this data to strand individuals.

— BBC Technology (@BBCTech) February 24, 2016

"Still, a malicious actor could cause a great deal of problems for owners of the Nissan Leaf."

International Business Times quoted security expert Graham Cluley as saying, "If hijacking a Jeep remotely was like man landing on the moon, turning a Nissan Leaf owner's air-conditioning on remotely is like walking up the stairs."

For any concerned Nissan Leaf owners, Helme has provided details on how to prevent a malicious attack of this nature and the easiest fix is to simply unregister the NissanConnect app. During the hacking experiment, as soon as the car was unregistered, Hunt could no longer communicate with the vehicle.

Helme said that, to disable CarWings, car owners must log into the service from their browser, as it reportedly cannot be done through the mobile app.

Once logged in, the car owner should select "Configuration" from the menu and select the "Remove CarWings" option. Reportedly the option appears greyed out on the menu, but it does work when clicked.

Users will then receive a prompt asking them to confirm that they wish to disable CarWings and to provide a reason why. The car owner must then click "Validate" after selecting an appropriate option and a confirmation message will be received. Whether there is a "scared of being hacked" option to choose from was not reported.

According to Hunt, he has warned Nissan several times about the vulnerability of the Nissan Leaf cars since he found it on January 23 and the problem remains unfixed.

While Hunt does admit the vulnerability is not as bad as it could be, and while a malicious attacker can't hijack the driving control of the Nissan Leaf vehicle, it is still unnerving to know that hackers can access control of the inner workings of the car.

[Photo via Wikimedia Commons by Jakub "Flyz1" Maciejewski/CC BY-SA 3.o, 2.5, 2.0 and 1.0]