"What the workshop attendee ultimately discovered was that not only could he connect to his LEAF over the internet and control features independently of how Nissan had designed the app, he could control other people’s LEAFs."
more, including video:
http://www.troyhunt.com/2016/02/control ... issan.html
Nissan Leaf - vulnerable APIs
-
tassie_tiger
- Groupie
- Posts: 119
- Joined: Mon, 16 Jun 2008, 14:58
- Real Name: Andrew
- Contact:
Nissan Leaf - vulnerable APIs
My hobby interests are EV's and competitions. aeva.asn.au for ev's and www.lottos.com.au for competitions. If your partner complains about you ev'ing, send 'em to lottos!
-
mikedufty
- Senior Member
- Posts: 668
- Joined: Tue, 02 Dec 2008, 00:15
- Real Name: Michael Dufty
- Location: Perth, Western Australia
- Contact:
Nissan Leaf - vulnerable APIs
It doesn't seem particularly dangerous, the worst it seems is to allow people to turn on your airconditioning for 15 minutes.
Quite concerning that they don't seem to have made any attempt whatsoever to secure the communications though.
Quite concerning that they don't seem to have made any attempt whatsoever to secure the communications though.