'Nissan disabled a Leaf app that could be hacked and used to control
features on the EV'
'No authorisation on the app, which is bizarre'

http://www.wired.co.uk/news/archive/2016-02/24/nissan-car-hacked
Nissan Leaf electric cars vulnerable to hacking
24 FEBRUARY 16   EMILY REYNOLDS

[video
https://youtu.be/Nt33m7G_42Q
]

Nissan's Leaf car, the world's best selling electric car, can be remotely
hacked, according to security experts.

Troy Hunt, who has detailed his findings on his blog, along with fellow
security researcher Scott Helme, found they were able to remotely turn on the
car's heated seating, heated steering wheel, fans and air conditioning. Hunt
discovered the vulnerability during a software workshop he was attending.

He was able to connect to a Leaf model via the internet before he was able
to "control features independently". 

Although the hack was only successful on a non-moving car, the hacker would
still be able to see the owner's username -- which could potentially reveal
their identity.

"Whilst it's not specifically personally identifiable information such as
the individual's address, it may not take too much effort to fill that gap,"
Hunt wrote. 

The hack works, according to Hunt, because Nissan's Connect app, which
allows users to control their car, has poor security -- in fact, you only
need a car's vehicle identification number in order to gain access to the
car. This number is often visible in the window of a car. 

And because these numbers only differ in the last five digits, it's possible
for hackers to use tools to test every possible configuration -- allowing
potential access to any car. "We didn’t need to test all 20,000 possible
VINs within that range," Hunt wrote. "We just had to issue requests until we
found one that returned the battery status of another vehicle."

It's not the first vehicle to fall short of security standards. Last year,
WIRED US reported on a "summer of epic car hacks" in which car doors were
unlocked, windscreen wipers turned on and off. One car, a Jeep, was
"paralysed" on the motorway with a driver inside. Worry not, though --
solutions are already being designed. Boris Danev, a Swiss computer
scientist, has developed a chip for car keys. The small piece of silicon can
fit inside a key and blocks hacking signals from outside of the car. 

The hack no longer worked after Helme disconnected his car from the app, but
Hunt warns that users who do have a connected app are at risk.

"Anyone could potentially enumerate vehicle identification numbers and
control the physical function of any vehicles that responded," he wrote.
"That's a very serious issue."

"While it's good that the hack doesn't impact the driving controls of the
vehicle, the ease of gaining access to vehicle controls in this fashion
doesn't get much easier -- it's profoundly trivial," he wrote. "As car
manufacturers rush towards joining on the Internet of Things craze, security
cannot be an afterthought." 
[© wired.co.uk]



http://www.bbc.com/news/technology-35642749
Nissan Leaf electric cars hack vulnerability disclosed
24 February 2016  Leo Kelion

[video  flash
Troy Hunt controlled the climate systems of a car parked on the other side
of the world


images
http://ichef.bbci.co.uk/news/768/cpsprodpb/12DEB/production/_88419277_29d26acc-ccad-47f8-850b-155ce6133d75.jpg
Mr Hunt believes the NissanConnect app needs to do more to check the user's
identity

http://ichef-1.bbci.co.uk/news/768/cpsprodpb/1121A/production/_88407107_54c3c8fd-c280-4e9a-953c-63c6aca2618a.jpg
Troy Hunt  Mr Hunt said he decided to publicise the problem because other
car owners were aware of it

http://ichef-1.bbci.co.uk/news/768/cpsprodpb/27BA/production/_88407101_a7bbad29-48f5-4027-835c-b51e423633c2.jpg
Nissan Leaf   Mr Hunt was able to connect to a friend's Nissan Leaf and see
data about recent journeys

http://ichef-1.bbci.co.uk/news/768/cpsprodpb/C3FA/production/_88407105_e77f2b8c-7b5b-4b6d-a20c-0bcd3e5c1da1.jpg
Nissan Leaf  Nissan announced in December that more than 200,000 Nissan Leaf
cars had been sold to date
]

Some of Nissan's Leaf cars can be easily hacked, allowing their heating and
air-conditioning systems to be hijacked, according to a prominent security
researcher.
Troy Hunt reported that a flaw with the electric vehicle's companion app
also meant data about drivers' recent journeys could be spied on.

Mr Hunt said he gave the firm a month to fix the issue before he decided to
make it public.
Nissan said there was no safety threat.

The problem remains unresolved but Mr Hunt said car owners could protect
themselves by disabling their Nissan CarWings account. Those who have never
signed up are not at risk.

Mr Hunt acknowledged that the issue was not life-threatening, but said
hackers could still exploit the app's vulnerability to cause mischief by
running down people's batteries.
"The right thing to do at the moment would be for Nissan to turn it off
altogether," Mr Hunt told the BBC.

"They are going to have to let customers know. And to be honest, a fix would
not be hard to do.

"It's not that they have done authorisation (on the app) badly, they just
haven't done it at all, which is bizarre."

A spokeswoman for Nissan said it was tackling the problem.
"Nissan is aware of a data issue relating to the NissanConnect EV app that
impacts the climate control and state of charge functions," she said.

"It has no effect whatsoever on the vehicle's operation or safety.
"Our global technology and product teams are currently working on a
permanent and robust solution.

"We are committed to resolving the issue as a matter of priority, ensuring
that we deliver the best possible experience for our customers through the
app now and in the future."

Mr Hunt said the root of the problem was that the firm's NissanConnect app
needed only a car's vehicle identification number (Vin) to take control.

The code is usually stencilled into a car's windscreen, making it relatively
easy to copy.
The initial characters of a Vin refer to the brand, make of car, and country
of manufacture/location of the firm's headquarters.

So, Mr Hunt said, it would only be the final numbers that varied between
different Nissan Leafs based in the same region.

"Normally it's only the last five digits that differ," he explained.
"There's nothing to stop someone from scripting a process that goes through
every 100,000 possible cars and tries to turn the air conditioning on in
every one.
"They would then get a response that would confirm which vehicles exist."

Hack tested
Attackers would not even need to use the app, he added, since the commands
could be sent via a web browser.

To confirm the problem, Australia-based Mr Hunt used the Vin number of a
Nissan Leaf-owning acquaintance based in the UK.

"I was sat in the vehicle with everything powered off and didn't have my key
on me," recalled Scott Helme, who is also a cybersecurity adviser.

"So, the vehicle was as it would be if it was completely unattended.

"As I was talking to Troy on Skype, he pasted the web address into his
browser and then maybe 10 seconds later I heard an internal beep in the car.

"The heated seat then turned on, the heated steering wheel turned on. And I
could hear the fans spin up and the air-conditioning unit turn on."

Further tests indicated that the hack did not work if the vehicle was in
motion.
But it was possible to see the owner's registered username, which might help
reveal their identity.

Furthermore, times and distances of recent journeys were disclosed, but not
location data.
As soon as Mr Helme unregistered his app, Mr Hunt could no longer contact
his car.
"It's not as bad as it could be," Mr Helme told the BBC.
Online forum

"But if I was to monitor your movements over the course of the week and
learn when you go to and from work, shortly after you got to your office I
could run the heating for the remainder of the day.

"That would potentially leave you with very little power - certainly not
enough to get back home."

Further analysis indicated that the app does not talk directly to the cars,
but instead sends its commands via Nissan's computer servers.

As a result, Mr Hunt said, it would be easy for Nissan to suspend the
service.
The researcher also discovered that some Canadian owners of the Leaf had
discovered and shared knowledge of the flaw on an online forum and had
posted a web address that could be used to spoof the app.

"I decided we were past the point of not letting the cat out of the bag," he
said, justifying his decision to blog about the discovery before Nissan had
issued a fix.

"Unfortunately what we are seeing is just another case of security being
important after a problem is discovered," he added.
[© 2016 BBC]
...
http://www.theguardian.com/technology/2016/feb/24/hackers-nissan-leaf-heating-access-driving-history
Hackers can control Nissan Leaf's heating and access driving history
24 February 2016  Hackers can control features in Nissan’s Leaf electric
cars over the internet, enabling them to remotely enable the air
conditioning and heating, or pull information from the car including driving
history, replete with GPS co-ordinates ...



http://www.shropshirestar.com/news/uk-news/2016/02/25/nissan-disables-leaf-electric-cars-companion-app-in-hacking-scare/
Nissan disables Leaf electric cars' companion app in hacking scare
February 25, 2016  Nissan has disabled a companion app for its line of Leaf
electric cars after it was discovered it could be hacked and used to control
features on the car ...
http://europe.autonews.com/article/20160225/COPY/302259963/nissan-citing-security-risks-disables-leaf-app
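
Added example, not part of any article above and not Nissan's code: the flaw the reports describe (a VIN alone selects and commands the car, and the response confirms which vehicles exist) next to a server-side check that ties the VIN to the logged-in account, plus a simple check for one client touching many VINs. The registry, VINs, function names and threshold are all hypothetical.

```python
# Added illustration: hypothetical backend, not Nissan's API or code.
import secrets

# Constructed registry: placeholder VINs mapped to the account that enrolled them.
OWNERS = {"PLACEHOLDERVIN00001": "alice", "PLACEHOLDERVIN00002": "bob"}
SESSIONS = {}  # session token -> authenticated account


def login(account):
    """Stand-in for a real login flow; returns an unguessable session token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = account
    return token


def climate_on_vin_only(vin):
    """Behaviour the articles describe: the VIN alone selects and commands the car."""
    if vin not in OWNERS:
        return 404, {}
    # Existence and the owner's username both leak to any caller.
    return 200, {"vin": vin, "username": OWNERS[vin], "climate": "on"}


def climate_on_authorised(token, vin):
    """Hardened form: the session must belong to the account that enrolled the VIN."""
    account = SESSIONS.get(token)
    if account is None:
        return 401, {}
    # Unknown VIN and someone else's VIN get the same answer, so the
    # response no longer confirms which vehicles exist.
    if OWNERS.get(vin) != account:
        return 403, {}
    return 200, {"vin": vin, "climate": "on"}


def flag_enumeration(request_log, max_distinct_vins=3):
    """Return clients that referenced more distinct VINs than one owner plausibly would."""
    seen = {}
    for client, vin in request_log:
        seen.setdefault(client, set()).add(vin)
    return sorted(c for c, vins in seen.items() if len(vins) > max_distinct_vins)


if __name__ == "__main__":
    alice = login("alice")
    print(climate_on_vin_only("PLACEHOLDERVIN00002"))           # no credentials needed
    print(climate_on_authorised(alice, "PLACEHOLDERVIN00002"))  # refused: not her car
    print(climate_on_authorised(alice, "PLACEHOLDERVIN00001"))  # allowed: her car
    log = [("10.0.0.5", f"PLACEHOLDERVIN{i:05d}") for i in range(1, 9)]
    print(flag_enumeration(log + [("10.0.0.9", "PLACEHOLDERVIN00001")]))
```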




For EVLN EV-newswire posts use: 
http://evdl.org/evln/


{brucedp.150m.com}
