Items tagged with nissanconnect

If you've been skeptical of buying a connected car for fear that its technologies could be used against you, it won't help to learn that Nissan has suspended downloads of a companion app for its Leaf electric vehicle for that very reason. At issue is the woeful lack of security, and in particular the lack of authentication. Here's the deal—the accompanying NissanConnect app, which Leaf owners can install on their smartphones and connect to their car, only looks for the car's VIN. Security researchers Troy Hunt and Scott Helme brought the attention to light yesterday when they published their findings in a blog post. Now a day later, Nissan has disabled the service. "This API thing is just nuts.... Read more...
If you own a Nissan Leaf electric vehicle, you might want to take note of research conducted by Troy Hunt. More specifically, Hunt and fellow researcher Scott Helme were able to demonstrate that certain vehicle functions can be turned on and off remotely thanks to open and unauthenticated APIs that Nissan is using for its NissanConnect services. And this isn’t just some minor fault on the part of Nissan; it represents a spectacular failure of Nissan’s security protocols (or lack thereof) used in the NissanConnect EV app to connect with Leaf EVs via the Internet. “This API thing is just nuts. It's not even like they just missed auth or didn't check, it's actually not implemented,” writes Helme.... Read more...