On Wednesday, a computer programmer named Troy Hunt revealed the Nissan Leaf can be controlled halfway around the world using nothing more than a Web browser. What’s frightening is that the Leaf doesn’t need to be modified in any way to control features independently. That puts all Leaf owners at risk, and, it goes without saying, is a huge problem for Nissan.
Hunt describes in detail exactly how he and some colleagues discovered the vulnerability, which basically boils down to a flaw in the Leaf’s companion app. With some basic information, Hunt was able to expose data about a driver’s location history and even crank the AC, which could, in turn, drain the battery. That’s the extent of which Hunt was able to control the Leaf, but if left unchecked, it could leave the door open for more dangerous scenarios.
Nissan apparently hasn’t fixed the issue but is aware there are such vulnerabilities. Hunt, for his part, suggested Leaf owners disable their Nissan CarWings account as a precaution; if you’ve never signed up for one, you’re not at risk. If you want a more in-depth account of how Hunt and his colleague discovered the vulnerability, head on over to the source link below.