Following reports that its companion app was hackable, Nissan has disabled its NissanConnect EV app.
Australian computer security researcher Troy Hunt published a blog post on the vulnerabilities in the NissanConnect EV app, formerly called CarWings. According to Hunt, the app enabled hackers to access the Leaf's temperature controls, review its driving record, and even abuse the code to hack the climate system in any car, so long as they know the car's Vehicle Identification Number or VIN. Hackers could target vehicles from anywhere with this information. Hunt says that he told Nissan about the flaw on January 23 and had continued to attempt to contact the company, with no response. "I made multiple attempts over more than a month to get Nissan to resolve this and it was only after the Canadian email and French forum posts came to light that I eventually advised them I'd be publishing this post," said Hunt. "All in all, I sent ten emails (there was some to-and-fro) and had one phone call. This morning I did hear back with a request to wait 'a few weeks' before publishing, but given the extensive online discussions in public forums and the more than one-month lead time there'd already been, I advised I'd be publishing later that night and have not heard back since."
Nissan has since disabled the app, but did not announce this move. In an email to USA TODAY, Nissan's Steve Yaeger said that the issues plaguing the app had "no effect whatsoever on the vehicle's operation or safety." In a separate statement Nissan said, "Our 200,000 Leaf drivers across the world can continue to use their cars safely and with total confidence. The only functions that are affected are those controlled via the mobile phone – all of which are still available to be used manually, as with any standard vehicle." Nissan plans to launch an updated version of its app "very soon."
Photo: © iStock.