Nissan Suspends Leaf App over Security Breach
Nissan has announced it is suspending the functions of the NissanConnect EV, an app that could have been used to hack its Leaf electric cars.
The action follows the revelation that a flaw with the software meant that an attacker could run down the battery of a target’s car and see data about its recent journeys.
Nissan had been informed of the problem a month ago but only acted after details of the issue were flagged online.
The auto maker denies there was a safety issue.
The security researcher who had alerted Nissan to the problem a month ago believes the company should have taken the step earlier.
The hack allowed an attacker to see details about journey times and distances, but not location details.
Since the hack would not work when cars were moving and did not affect their steering controls, he acknowledged that it would not threaten people’s lives.
Nissan has disabled the service and noted that the app was also used by some of its electric vans.
“The NissanConnect EV app – formerly called CarWings – is currently unavailable,” the company said in a statement.
“This follows information from an independent IT consultant and a subsequent internal Nissan investigation that found the dedicated server for the app had an issue that enabled the temperature control and other telematics functions to be accessible via a non-secure route.
“No other critical driving elements of the Nissan Leaf or eNV200 [van] are affected, and our 200,000-plus LEAF and eNV200 drivers across the world can continue to use their cars safely and with total confidence.
“We apologise for the disappointment caused to our Nissan Leaf and eNV200 customers who have enjoyed the benefits of our mobile apps. However, the quality and seamless operation of our products is paramount.
“We’re looking forward to launching updated versions of our apps very soon.”