clock menu more-arrow no yes

Filed under:

Nissan pulls the Leaf's phone app after security vulnerabilities come to light

Nissan

Just a day after news spread that Nissan Leaf's NissanConnect app could be compromised by hackers to control fan settings (potentially draining the battery) and download logs of past drives, Nissan has pulled the functionality, saying that it is "looking forward to launching updated versions of [its] apps very soon."

Information security has been a particularly pressing concern in the auto industry, where the concept of the connected car has, at times, moved faster than the industry's ability to keep hackers at bay. The NissanConnect hack, which allows an individual to download and manipulate settings if they have a Leaf's VIN number, is not the most serious hack — there doesn't appear to be any situation where it would put a moving vehicle in harm's way — but it could effectively disable a car by draining the battery. In the worst case, hackers could also use drive logs to get a sense of when the car's owner is at home, at work, or elsewhere.

The pulling of the app until Nissan can get it patched is good — although the researcher who discovered the hack, Troy Hunt, says that he first corresponded with the company about it on January 23rd. That gave Nissan a full month without public disclosure to act, but it was only when Hunt went public with the hack that the system was taken offline.

Here's Nissan's full statement:

The NissanConnect EV app (formerly called CarWings and is used for the Nissan LEAF) is currently unavailable.

This follows information from an independent IT consultant and subsequent internal Nissan investigation that found the dedicated server for the app had an issue that enabled the temperature control and other telematics functions to be accessible via a non-secure route.

No other critical driving elements of the Nissan LEAF are affected, and our 200,000-plus LEAF drivers across the world can continue to use their cars safely and with total confidence. The only functions that are affected are those controlled via the mobile phone - all of which are still available to be used manually, as with any standard vehicle.

We apologize for the disappointment caused to our Nissan LEAF customers who have enjoyed the benefits of our mobile apps. However, the quality and seamless operation of our products is paramount.

We're looking forward to launching updated versions of our apps very soon.