As cars get more
connected, the risk of their becoming vulnerable to hackers increases
exponentially. And it looks like Nissan has learned that lesson the hard way.
The Japanese
automaker has completely disabled the smartphone companion app for its Leaf
electric vehicle after a security researcher proved hackers could use it to
remotely control certain components of the car.
 |
| Photo Credit: Yahoo Tech |
The app,
NissanConnect EV, lets Leaf owners remotely charge their vehicles, as well as
control the heat and air conditioning. But according to Australian security researcher Tory
Hunt, the app can be hacked so that anyone in the world could take
control of the vehicle’s heating and cooling system at will.
In a test
conducted with fellow researcher Scott Helme, Hunt was able to connect to
Helme’s Leaf (which was in the U.K.) from Australia. During the test, Hunt was
able to activate the car’s temperature controls and pull up information about
how far Helme had driven his Leaf during recent road trips.
To take control
of Helme’s vehicle, Hunt needed to know its vehicle identification number
(VIN). Without that VIN, the hack doesn’t work. But as Hunt and Helme showed,
the VIN on every Leaf is the same except for the last five digits. That means
the researchers could simply add five numbers to the end of a VIN to try to
hack into a random Leaf somewhere in the world.
It’s important
to note that the Leaf hack didn’t impact any part of the vehicle’s driving
controls, so owners were never at risk of being forced into accidents. But in
Hunt’s post, Helme details how a hacker could potentially use the exploit to
run down the Leaf’s battery by repeatedly activating the air conditioner.
What’s more
troubling is that Hunt said he brought the hack to Nissan’s attention weeks
ago, but the automaker took no action. Only when Hunt’s story began to garner
some attention did the company disable the app.
In a statement,
Nissan said the decision to disable the app “follows information from an
independent IT consultant and subsequent internal Nissan investigation that
found the dedicated server for the app had an issue that enabled the
temperature control and other telematics functions to be accessible via a
non-secure route.”
The company went
on to explain that while the app is currently unavailable, drivers can still
use their vehicle’s manual temperature controls. What’s more, the vehicles can
still be controlled via Nissan’s desktop site, which wasn’t affected by the
security problem.
Nissan says it
will make the app available again when it addresses the vulnerability issue.
The idea that
cars can be hacked isn’t exactly new. Last year, 60 Minutes ran a report
demonstrating how hackers can take control of a vehicle’s functions, including
brakes and windshield wipers. But that vehicle was hacked in a controlled
environment and required extensive work to take over.
So far, hackers
haven’t been able to remotely hack and take control of a vehicle’s driving
system in the wild. But as with any device that’s connected to the Internet, it
is probably just a matter of time before such a serious hack occurs.
That’s why it
behooves automakers and security experts to work together to keep connected
cars safe.
You can buy cars, iphones, ipads and other devices on Konga Online Shop by following this link.
Thank you.
No comments:
Post a Comment