Nissan apparently has disabled the NissanConnect EV app after a hacker discovered a vulnerability in the system.
As it turned out, the Japanese car maker’s compact five-door hatchback electric car suffered from a vulnerability, allowing someone to see the car’s driving history and other data. AutoNews reports that the NissanConnect EV app – a phone integrated application which allowed drivers to remotely control the Leaf’s heating and cooling – had a major security flaw, discovered by Australian researcher Troy Hunt.
According to Hunt, the fault can allow hackers to adjust other cars’ temperatures and to actually review their driving history from the app – an issue stressed by the developer, which didn’t receive the proper attention from Nissan until Wednesday night.
“I would have preferred to see faster action from Nissan. In my view, this is the sort of flaw that needs to have the service pulled until it can be fixed properly and restored”, Hunt said.
In a post published on his personal blog, Hunt said that he first announced the company about the liability on January 23rd, and numerous times since.
Nevertheless, the Nippon automaker responded and disabled the app following an internal investigation, as spokesman Steve Yaeger said:
“We were contacted by Mr. Hunt last month and began a discussion about his findings. Our initial investigation concluded that the functions affected did not directly impact operation of the vehicle itself. We were working towards a robust solution from the moment we were alerted to this issue.”
Unlike the Jeep Cherokee scenario, where the car could be controlled remotely by hackers, Nissan assured that the integrity of the Leaf wasn’t compromised, and the app will be update accordingly as soon as possible.