Extremely Lame Nissan Leaf Hack Reported *updated*

When I say a lame hack, I mean one that is so dopey it really should not exist; one of those "Aw, c'mon!" sort of oversights. This one involves the Nissan Leaf's VIN number (which by law is displayed for all to see). Fortunately, this particular vulnerability falls under the category of "stupid/bothersome" rather than "dangerous".

*update - Nissan has now disabled this feature in light of the discovery*
As renowned security researcher Troy Hunt recounts in the video above, a student in one of his security workshops discovered a way to gain access to Nissan's electric Leaf without using the company's mobile app. Further research confirmed the vulnerability that allows a user to retrieve data from a Leaf and control the HVAC system even if the car isn't on.

No comments:

Post a Comment