Nissan has a security issue on their hands, as a flaw has been discovered in their Leaf electric cars that opens them up to be hacked.
Security researcher Troy Hunt says that the vulnerability exists in the vehicle's companion app and affects the heating and air conditioning system, according to BBC News. He added that while the issue is not life-threatening, hackers could use this flaw to run down owner's batteries and obtain data about their recent journeys.
All the NissanConnect app needs to take control is the Leaf's identification number (Vin), Hunt noted, and the code is relatively easy to copy since it's usually stenciled into the car's windscreen. Vins' initial characters refer to the car's brand and make, as well as the country of manufacture/location of the company's headquarters, which means they would only be the last numbers that varied between different Leafs based in the same area.
"There's nothing to stop someone from scripting a process that goes through every 100,000 possible cars and tries and turn the air conditioning on in every one," Hunt explained. "They would then get a response that would confirm which vehicles existed."
The Australia-based researcher added that hackers wouldn't even need the app to get in, as web browsers can also be used to send the commands, BBC News noted.
Hunt said that while he gave Nissan a month to solve the problem before he decided to publicly reveal it, but it has apparently not been fixed yet, Ubergizmo reported. Nissan has yet to comment on the issue.
Users can keep their cars safe by disabling the Nissan CarWings account, Hunt noted while suggesting that Nissan turn it off all together.
"The right thing to do at the moment would be for Nissan to turn it off altogether," he said. "They are going to have to let customers know. And to be honest, a fix would not be hard to do. It's not that they have done authorization [on the app] badly, they just haven't done it at all, which is bizarre."