Renowned security research Troy Hunt discovered a vulnerability in some of Nissan’s Leaf electric cars that allow attackers to hijack the vehicle’s heating and air-conditioning systems. Additionally, a flaw in the Leaf’s companion mobile app also leaves data regarding drivers’ recent journeys vulnerable.
In his blog post, Hunt indicated that he gave Nissan a month to resolve the security issue before going public with it. He also states that Nissan Leaf owners could effectively close the security gap themselves by disabling their Nissan CarWings/NissanConnect account.
The Nissan Leaf vulnerability is just the latest in a series of security incidents involving connected autombiles. In August 2015, hackers remotely killed a moving Jeep Cherokee on a highway via an security exploit—with Wired journalist Andy Greenberg in the vehicle. Hackers reportedly hacked into the Cherokee from a basement as the Greenberg drove the SUV on a highway ten miles away.