Nissan pulls the plug on leaf app over hacking fears

Electric car manufacturer Nissan has disabled its Leaf app after the discovery of a credible threat by a security researcher which could have seen hackers take control of its vehicles.

A software vulnerability shared online opened up the prospect of hackers remotely discharging the battery of a victim’s car whilst obtaining journey time and distance data, forcing Nissan to take down the functionality of its app as a precaution until the issue can be rectified.

Nissan itself had been aware of the issue for a month but denied it represented a safety concern, acting only when the problem began to be discussed openly in online forums and blogs.

Troy Hunt, the IT specialist who exposed the flaw, told the BBC: “Disabling the service was the right thing to do given it appears it's not something they can properly secure in an expeditious fashion.

"Hopefully this will give them time to build a more robust solution that ensures vehicle features and driving history are only accessible via the authorised owner of the car."

Hunt believes that the problem could have led to malicious operatives wresting control of heating and air conditioning systems in affected cars through its built-in web browser as the app itself was not configured to confirm the owner’s identity – only requiring a vehicle identification number.

Key controls such as steering and brakes would not have been at risk of remote override however.

John Glenday

John Glenday is responsible for compiling The Drum's daily morning bulletin and ensuring that overnight breaking news is covered while you're still brushing your teeth. Can also make a mean cup of tea.

All by John