Nissan Disables Electric Car App Over Security Flaw That Allows Other Users To Control Vehicle Temps

If you own a Nissan Leaf and you’ve been unsuccessfully trying to use the NissanConnect EV app to control your car’s heating and cooling systems, there’s nothing wrong with your car or your phone. Nissan has disabled the app after researchers found a flaw that left the vehicle vulnerable to hackers. 

According to Engadget, Nissan disabled the app on Wednesday following an internal investigation… control the temperature of cars other than your own.

Both Nissan and the security researcher found that the dedicated server for the app had an issue that enabled the temperature control and other functions to be “accessible via a non-secure route.”

“We apologize for the disappointment caused to our Nissan LEAF customers who have enjoyed the benefits of our mobile apps,” the company said in a statement to Engadget. “However, the quality and seamless operation of our products is paramount.”

Computer security researcher Troy Hunt described the finding on his blog, noting that if someone has the VIN for another person’s Leaf they could control the temperature from anywhere in the world.

While Hunt points out in his blog that the flaw doesn’t affect driving controls of the vehicle, it should still be taken seriously.

“As car manufacturers rush towards joining in on the ‘internet of things’ craze, security cannot be an afterthought nor something we’re told they take seriously after realizing that they didn’t take it seriously enough in the first place,” he wrote.

Nissan assured customers that the issue does not affect other driving elements of the affected vehicles, and owners can “continue to use their cars safety and with total confidence.”

The company says it will launch an updated version of the app “very soon.”

Nissan disables its Leaf remote control app [Engadget]