Nissan has disabled the app used with its Nissan Leaf electric cars over hacking fears.
A flaw found in the Leaf’s app software could allow an attack to run down the battery on a target’s car and see data about recent destinations of travel.
Nissan was alerted to the issue one month ago and disabled the app after details of the flaw were shared online.
It was soon revealed that the company’s eNV200 electric vans were also vulnerable.
The security researcher who had alerted the Japanese automaker to the problem a month ago believes the company should have acted more quickly.
Troy Hunt said he only blogged about the risk after seeing that other people had discovered and discussed it in online forums.
Hunt found that anyone could control a car’s heating and air condition systems by sending commands via a web browser.
All that is required to take advantage of a Nissan Leaf driver is a vehicle identification number (Vin).
Vin numbers are stencilled into the windscreens of cars, making them easy to obtain.
Hunt feared that hackers could determine when someone left their home, draining their battery, and leaving them stranded.
The hack doesn’t work when cars are moving and it does not affect steering controls.
“The NissanConnect EV app – formerly called CarWings – is currently unavailable,” the company said in a statement.
Here’s Nissan’s full response:
“This follows information from an independent IT consultant and a subsequent internal Nissan investigation that found the dedicated server for the app had an issue that enabled the temperature control and other telematics functions to be accessible via a non-secure route.
No other critical driving elements of the Nissan Leaf or eNV200 are affected, and our 200,000-plus LEAF and eNV200 drivers across the world can continue to use their cars safely and with total confidence.
We apologise for the disappointment caused to our Nissan Leaf and eNV200 customers who have enjoyed the benefits of our mobile apps. However, the quality and seamless operation of our products is paramount.
“We’re looking forward to launching updated versions of our apps very soon.”