Remote control ANY Nissan Leaf

Forums › Transport (cars, bikes and boats) › Remote control ANY Nissan Leaf

jarledb

Webhead
3319 posts

Uber Geek
+1 received by user: 1983

Moderator

ID Verified

Trusted

Lifetime subscriber

#192056 25-Feb-2016 15:45

This story turned up in my feeds today:

Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs

The short of it is: If you have a Nissan Leaf and have set up the app to control the car, ANYONE ANYWHERE can control the same functions you can control via the app. There is NO security what so ever, and the only thing an "attacker" needs is the VIN of your car.

Talk about lack of security.

Jarle Dahl Bergersen | Referral Links: Want $50 off when you join Octopus Energy? Use this referral code
Are you happy with what you get from Geekzone? Please consider supporting us by making a donation or subscribing.

gzt

18679 posts

Uber Geek
+1 received by user: 7809

Lifetime subscriber

#1499227 25-Feb-2016 15:57

This is only important if I can use it to turn off the annoying taillights. But otherwise I like the Leaf.

wellygary

8810 posts

Uber Geek
+1 received by user: 5287

#1499228 25-Feb-2016 16:04

well you could until today:

Update, 25 Feb: Nissan has now taken the service offline.

jarledb

Webhead
3319 posts

Uber Geek
+1 received by user: 1983

Moderator

ID Verified

Trusted

Lifetime subscriber

#1499240 25-Feb-2016 16:38

wellygary:

well you could until today:

Update, 25 Feb: Nissan has now taken the service offline.

Which is the right thing to do. But it boggles the mind how a car company can make something like this. Its impossible to make it less secure.

RUKI

1405 posts

Uber Geek
+1 received by user: 422

#1499686 26-Feb-2016 11:12

Manual suggests, quote: "Data Center allows for various remote function services.
. Li-ion battery status check
. Remote charge: The function of starting Li-ion battery charge or starting the heater and air conditioner is available using your personal computer or internet enabled smart phone.
. Unplugged status: A notification e-mail will be sent to your personal computer or internet enabled smart phone if the plug is not connected at the
certain time you selected, after you turning off the power switch in registered place."

Comment: When you turn AV unit on - there is menu to allow or disallow remote access. Going further into the setting - TCU can be easily deactivated by the user.

When they said in the report that hacker was able to quote: "review its driving record" - that is interesting claim. What excactly? Was the hacker "the man in the middle" intercepting traffic between the car and the data centre?

jarledb

Webhead
3319 posts

Uber Geek
+1 received by user: 1983

Moderator

ID Verified

Trusted

Lifetime subscriber

#1499692 26-Feb-2016 11:23

@Ruki - its right there in the story. No man in the middle, just have to known the VIN (or guess it).

Just search for "driving history" in the story, and you will find the data that were accessible.

From what I understand they only used commands that were available in the app (looking at network traffic between the app and the server), so there might have been other data in the system that they didn't find.

Mind you, the service is closed now, and hopefully when they bring it online again it will be secured, instead of being completely accessible to the whole world.

RUKI

1405 posts

Uber Geek
+1 received by user: 422

#1499905 26-Feb-2016 14:59

jarledb:

.... No man in the middle, just have to known the VIN (or guess it).

... Mind you, the service is closed now, and hopefully when they bring it online again it will be secured, instead of being completely accessible to the whole world.

I have the AV unit frm USA Leaf in my LAB. VIN is not recorded in AV unit according to the Service Manual. It is recorded in TCU. If you switch "Carwings" off - TCU should not be sending any data. Knowing VIN if TCU is not switched on is of no value. Even if it is on - there is nothing really of an issue. Your destination point in the GPS is perhaps something paranoid person may have concerns about.

In New Zealand - Japanese Leafs have TCU with CDMA (correct me as I did not see it in person only online). That means - even if you want to set it up - there is only one way of doig it - swap TCU to the one with the SIM which will work on our networks and subscribe to the service. Carwings (Nissan Connect EV) does not work without subscribtion.

Your mobile phone is more vulnarable in that sense.

IT Geeks here may express thier educated view on how is that different from many applications on Android Phones from Google Play requiring access tp your personal data including GPS position etc? How secure is that? I guess hacker can't turn your aircon on via your mobile :-)
As for the Leaf - I may ask to send me TCU unit to see if it can accept local SIM cards. The problem is - you need to have Consult3+ to program VIN into TCU. I do not have Consult Interface Cable. Anyone?