Nissan has temporarily disabled a smartphone app designed to allow owners of the Leaf battery-electric vehicle to remotely operate various functions, such as the vehicle’s charging and climate control system.
The problem is that the app, known as NissanConnect EV, could enable hackers to access the vehicle, as well, simply by getting hold of a Leaf’s vehicle identification number, or VIN.
In a blog post, Nissan said the move allows the estimated 200,000 Leaf owners worldwide to “continue to use their cars safely and with total confidence. The only functions that are affected are those controlled via the mobile phone – all of which are still available to be used manually, as with any standard vehicle.”
Hacking has been an ongoing nightmare for computer users, and is becoming more of a problem for smartphone owners, as well. But there also is growing concern about the risks posed by increasingly high-tech automobiles, whether battery-electric vehicles like the Nissan Leaf, or the semi- and fully autonomous vehicles expected to start rolling onto highways over the next few years.
Last year, a pair of security specialists underscored that risk by remotely taking control of a Jeep. Other researchers claimed to have hacked into a Tesla Model S, something that battery-carmaker has disputed.
(Is the car key about to go away? Volvo thinks so. Click Here for the story.)
The latest concern was triggered by a report from cyber-security specialist Troy Hunt, who revealed the NissanConnect vulnerability on his own blog. He said it was easy to find and exploit. The necessary VIN number, he noted, could be secured simply by looking into a Nissan Leaf through the windshield.
“Fortunately, the Nissan Leaf doesn’t have features like remote unlock or remote start, like some vehicles from other manufacturers do, because that would be a disaster with what’s been uncovered,” Hunt wrote.
Nissan said it is planning to update the Leaf app and plans to have a more secure version ready for owners “very soon.”
(To connect or not to connect. Federal regulators debate new car tech. Click Here for more.)
But the discovery of that vulnerability is only likely to increase concerns about cyber-security and the automobile. Today’s vehicles already have dozens of microprocessors onboard, with more coming as additional safety, comfort and convenience features are added. In some cases, hackers could focus on acquiring useful personal information about vehicle owners. But with the emergence of autonomous vehicles, there’s a growing risk that complete vehicle operations could become vulnerable.
During an appearance in Detroit last month, Mark Rosekind, the head of the National Highway Traffic Safety Administration stressed that cyber-security must become one of the auto industry’s highest priorities. It will be the focus of one of the first projects handled by a new industry-government consortium pairing NHTSA and 18 automakers.
“As car manufacturers rush towards joining in on the ‘internet of things’ craze, security cannot be an afterthought nor something we’re told they take seriously after realizing that they didn’t take it seriously enough in the first place,” wrote security expert Hunt.
(For more on the new industry-government consortium, Click Here.)