Watch CBS News

Nissan Leaf car app is taken offline after hack exposed

A prominent security researcher has found a way to hack into the Nissan Leaf, an electric car, from any web browser in the world
Security experts say the Nissan Leaf can be hacked 00:37

Nissan says it is planning to launch updated versions of its app for the Nissan Leaf electric car very soon, following reports that the app could leave vehicles vulnerable to hacking.

The NissanConnect EV app, formerly called CarWings, used for the Nissan LEAF and eNV200, was taken offline after security researcher Troy Hunt said he was able to use it to take control of the heating and cooling systems in a Leaf and access the car's driving record, by knowing a car's VIN (vehicle identification number, a unique ID number assigned to each car).

Hunt revealed the security flaw on his blog Wednesday. He said he spent more than a month trying to get Nissan to resolve the issue.

rtx222ay.jpg
Nissan Leaf electric car REUTERS/Mark Blinch

The app is designed to let owners check their battery charge and control the car's heat or A/C remotely.

Nissan based their decision to take the app offline on Hunt's information and subsequent internal Nissan investigations, and noted that the issue did not affect the safety of the vehicles.

"No other critical driving elements of the Nissan LEAF or eNV200 are affected, and our 200,000-plus LEAF and eNV200 drivers across the world can continue to use their cars safely and with total confidence," Nissan North America told CBS News in an email. "The only functions that are affected are those controlled via the mobile phone - all of which are still available to be used manually, as with any standard vehicle."

The company added: "We apologize for the disappointment caused to our Nissan LEAF and eNV200 customers who have enjoyed the benefits of our mobile apps. However, the quality and seamless operation of our products is paramount."

In his blog, Hunt said that although the security flaw was not as bad as the highly-publicized hack last year that allowed security researchers to take over the driving controls of a Jeep, it should provide a valuable lesson to car manufacturers.

"As car manufacturers rush towards joining in on the 'internet of things' craze, security cannot be an afterthought nor something we're told they take seriously after realizing that they didn't take it seriously enough in the first place," Hunt wrote in his blog.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.