Nissan Disables Its Smartphone App After a Car was Hacked


As cars get more connected, the risk of their becoming vulnerable to hackers increases exponentially. And it looks like Nissan has learned that lesson the hard way.
The Japanese automaker has completely disabled the smartphone companion app for its Leaf electric vehicle after a security researcher proved hackers could use it to remotely control certain components of the car.
Photo Credit: Yahoo Tech
The app, NissanConnect EV, lets Leaf owners remotely charge their vehicles, as well as control the heat and air conditioning. But according to Australian security researcher Tory Hunt, the app can be hacked so that anyone in the world could take control of the vehicle’s heating and cooling system at will.
In a test conducted with fellow researcher Scott Helme, Hunt was able to connect to Helme’s Leaf (which was in the U.K.) from Australia. During the test, Hunt was able to activate the car’s temperature controls and pull up information about how far Helme had driven his Leaf during recent road trips.
To take control of Helme’s vehicle, Hunt needed to know its vehicle identification number (VIN). Without that VIN, the hack doesn’t work. But as Hunt and Helme showed, the VIN on every Leaf is the same except for the last five digits. That means the researchers could simply add five numbers to the end of a VIN to try to hack into a random Leaf somewhere in the world.
It’s important to note that the Leaf hack didn’t impact any part of the vehicle’s driving controls, so owners were never at risk of being forced into accidents. But in Hunt’s post, Helme details how a hacker could potentially use the exploit to run down the Leaf’s battery by repeatedly activating the air conditioner.
What’s more troubling is that Hunt said he brought the hack to Nissan’s attention weeks ago, but the automaker took no action. Only when Hunt’s story began to garner some attention did the company disable the app.
In a statement, Nissan said the decision to disable the app “follows information from an independent IT consultant and subsequent internal Nissan investigation that found the dedicated server for the app had an issue that enabled the temperature control and other telematics functions to be accessible via a non-secure route.”
The company went on to explain that while the app is currently unavailable, drivers can still use their vehicle’s manual temperature controls. What’s more, the vehicles can still be controlled via Nissan’s desktop site, which wasn’t affected by the security problem.
Nissan says it will make the app available again when it addresses the vulnerability issue.
The idea that cars can be hacked isn’t exactly new. Last year, 60 Minutes ran a report demonstrating how hackers can take control of a vehicle’s functions, including brakes and windshield wipers. But that vehicle was hacked in a controlled environment and required extensive work to take over.
So far, hackers haven’t been able to remotely hack and take control of a vehicle’s driving system in the wild. But as with any device that’s connected to the Internet, it is probably just a matter of time before such a serious hack occurs.
That’s why it behooves automakers and security experts to work together to keep connected cars safe.

You can buy cars, iphones, ipads and other devices on Konga Online Shop by following this link.

If you find this post of help to you and wish to appreciate our efforts; kindly donate to us by clicking on the 'Donate' button below. Any amount is highly appreciated.
Thank you.

No comments:

Post a Comment


Get free updates delivered to your inbox
facebook twitter gplus pinterest rss