Nissan Leaf HVAC-Hack Vulnerability Disclosed

GWBasic writes: Some of Nissan's Leaf cars can be easily hacked, allowing their heating and air-conditioning systems to be hijacked, according to [Troy Hunt,] a prominent security researcher. .... Mr Hunt said the root of the problem was that the firm's NissanConnect app needed only a car's vehicle identification number (VIN) to take control. That means that pranksters could pretty easily run down a Leaf's battery via Nissan's app just by cycling through VIN numbers, which, the article points out, typically vary only in the last few digits for same-region Leafs, and for an electric car that's a big deal -- you can't just get a quick jump and be on your way. For now, Hunt says, the only thing owners can do is disable the remote-control feature completely.

Jesus christ

I've been driving for nearly 30 years and I have yet to come up with a reason why my car needs to be on the internet. Or my DVD player. Or TV. Or refrigerator. Or light bulbs. They all seem to work just fine in standalone mode.

At this point...

[QuietLagoon]

... for such an egregious lapse in security to be present in a vehicle, it should be criminal.

.
It appears that is the only way the car manufacturers will sit up and pay attention to the need for security in their vehicles.

Re:Tiny non-problem discovered

[cayenne8]

Why would you have a remote control feature on a car enabled at ALL?

Re:Tiny non-problem discovered

[beelsebob]

Because it's really convenient to be able to start the air conditioning remotely, so that the car is already cool when you get in it. This is especially important with electric cars, where the power to cool the car down initially will then be drawn from the grid, not the battery.