Security experts have revealed that the world’s currently best-selling electric car, the Nissan LEAF, could be remotely hacked.
Security expert Troy Hunt detailed his surprising findings on his blog and illustrated them in a video in which he remotely controls the car of fellow researcher Scott Helme. In the video, Hunt turns on the car’s heated seating, heated steering wheel, fans and air conditioning. He was able to control the car over the internet from a different country simply by exploiting a flaw in the car’s iPhone app. Although only stationary vehicles can be remotely controlled like this, the hack allows hackers to see the name of the car’s owner, which could reveal their identity.
Although the damage a hack like this can do is quite limited, because the mobile app mainly controls heating and air conditioning in the car, this is still a major security vulnerability for Nissan.
The LEAF’s poor security protocols are made even worse by the fact that all hackers need to remotely control other users’ cars is the Vehicle Identification Number, or VIN. Not only are VINs often visible in the window of LEAF cars, but VINs only differ in the last 5 digits, so it would be very easy for hackers to run software generating every possible VIN for cars currently in circulation.
Not all LEAF owners use Nissan’s Connect iPhone app, so not all vehicles are vulnerable to hacking. However, it did not take Hunt and his team very long to find a VIN for a hackable car, which allowed them to use the software to find out the vehicle’s battery status.
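The weakness described above, where knowing a VIN is enough to act on a car, can be contrasted with a server-side ownership check. This is an added example, not Nissan's code or code from Hunt's write-up; the function names, accounts, placeholder VINs and token scheme are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: placeholder VINs and accounts, not real vehicles.
OWNERS = {"TESTVIN0000000001": "alice", "TESTVIN0000000002": "bob"}
BATTERY = {"TESTVIN0000000001": 82, "TESTVIN0000000002": 47}
SERVER_KEY = secrets.token_bytes(32)  # signing key held only by the server


def issue_token(user: str) -> str:
    """Issued after a real login; binds later requests to one account."""
    sig = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{sig}"


def user_from_token(token: str):
    """Return the user name if the token signature verifies, else None."""
    user, _, sig = token.partition(".")
    expected = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(sig.encode(), expected.encode())
    return user if ok else None


def battery_status_weak(vin: str):
    """Weak pattern: knowing the VIN is treated as proof of ownership."""
    if vin not in BATTERY:
        return 404, None
    return 200, BATTERY[vin]


def battery_status_hardened(vin: str, token: str):
    """Hardened pattern: authenticate the caller, then check VIN ownership."""
    user = user_from_token(token or "")
    if user is None:
        return 401, None
    # Same answer for an unknown VIN and for someone else's VIN, so the
    # responses cannot be used to confirm which VINs are registered.
    if OWNERS.get(vin) != user:
        return 403, None
    return 200, BATTERY[vin]
```

With the hardened handler, a VIN read through a windscreen is only an identifier: without a token for the owning account, the request is refused.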
As electric cars have become more and more popular in response to people’s growing concerns about air pollution and reliance on fossil fuels, many vulnerabilities within their security systems have been revealed. Last year there were multiple reports in the press of serious car hacks during which remotely controlled cars had their doors unlocked or windscreen wipers turned on and off.
There was even a case of a Jeep stopped in the middle of traffic with the driver trapped inside, unable to control it. However, newer security solutions, like the car key chip developed by Swiss computer scientist Boris Danev, which is able to block access to the car’s system from outside the car, are giving electric car manufacturers new hope that their products will not fail on the market due to consumers’ security worries.
Although Hunt reported the hack to Nissan over a month ago, the company still has not been able to fix this security issue. He therefore warned all LEAF owners to disconnect their cars from the app, because anyone could find out their VIN and hack their vehicle.