- An API used by Nissan to allow LEAF owners to manage their vehicles from a mobile phone allows hackers to remotely control some of the car’s features.
- Experts discovered that, by knowing a Nissan LEAF’s VIN, they could send requests to enable and disable the climate control, obtain information on the vehicle’s status, and even collect driving history.
- Fortunately, the LEAF mobile apps don’t allow users to lock or unlock the vehicle, or start it remotely.
- On all the Nissan LEAF vehicles seen by Hunt, the VIN is the same except for the last five digits, which makes it an easy target for a brute-force attack.
- Until a fix becomes available, users can protect themselves against potential attacks by disabling this service.
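
Because only the last five digits of the VIN vary, a client walking through VINs leaves a recognizable trace on the server side. The following is an added example, not code from Nissan or from the researchers: a detector that flags any client requesting many distinct VINs with the same 12-character prefix in a short window. The log format, the placeholder VINs, and the `window` and `max_vins` thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample log lines (not real traffic): "<epoch> <client> <vin>".
# VINs are placeholders: a shared 12-character prefix plus five digits.
SAMPLE_LOG = """\
1000 198.51.100.7 TESTVIN0000010001
1002 198.51.100.7 TESTVIN0000010002
1003 198.51.100.7 TESTVIN0000010003
1005 198.51.100.7 TESTVIN0000010004
1006 198.51.100.7 TESTVIN0000010005
1010 203.0.113.20 TESTVIN0000054321
1400 203.0.113.20 TESTVIN0000054321
1900 203.0.113.20 TESTVIN0000054321
"""

def parse(log_text):
    """Yield (timestamp, client, vin) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit() and len(parts[2]) == 17:
            yield int(parts[0]), parts[1], parts[2]

def find_vin_enumeration(log_text, window=60, max_vins=3):
    """Return {client: count} for clients that touched more than max_vins
    distinct VINs sharing a 12-character prefix within window seconds."""
    events = defaultdict(list)  # (client, prefix) -> [(ts, vin), ...]
    for ts, client, vin in parse(log_text):
        events[(client, vin[:12])].append((ts, vin))
    flagged = {}
    for (client, _prefix), hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the left edge until the span fits inside the window.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = {vin for _, vin in hits[start:end + 1]}
            if len(distinct) > max_vins:
                flagged[client] = max(flagged.get(client, 0), len(distinct))
    return flagged

if __name__ == "__main__":
    for client, count in find_vin_enumeration(SAMPLE_LOG).items():
        print(f"{client}: {count} distinct VINs in one window")
```

An owner repeatedly checking one vehicle, like the second client in the sample, is not flagged, since the count is over distinct VINs rather than requests.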