New car hacking case, with a Nissan Leaf, exposes danger of connected cars

In the middle of last year, I have written an article about a Jeep Cherokee that has been totally controlled at a distance by two hackers (in Portuguese). This case was brought to light by an article of Wired and was so worrying FCA has even recalled its cars that were prone to a hacker attack. Apparently it was not enough to bring awareness to companies, since two other hackers, Troy Hunt and Scott Helme, have proved a Nissan Leaf could be accessed from another country. Check their video below.

Hunt lives in Australia and Helme in the UK. Even so, Hunt could retrieve information from the car, such as recent trips, with the distance the car has run in each of them, and even how charged the batteries were. In what refers to the control part, Hunt could turn on and off the seats heating and the HVAC system.

The access has happened through a Leaf mobile application that gives access exactly to this sort of information and allows the owner of the car to turn on the seat heaters and the HVAC system. The problem is that Hunt has proven anyone can do the same with your car in case they have your VIN number (which is printed on the car’s windows).

The worst part of it all is that Hunt has tried to contact Nissan in order to warn about this major security breach, but the company has not done anything. Hunt describe all his contact attempts in his website. And it is a shame Nissan has only promised to take measures, but not effectively announced anything for many days. After Hunt came public with the story, Nissan has shut down the mobile app. No word on correcting it has come out so far.

Having internet in your car may be extremely convenient to some extent, but while carmakers don’t take digital safety seriously, it is like walking naked and with piles of money in your hands among thieves and rapists. In case you are not sure if your car is protected against any sort of invasion, we would recommend you did not have any sort of internet connection in it. Too many hacking cases to ignore. And, in this case, they will not fry your hard disk. They may fry you and your family.

Gustavo Henrique Ruffo

I have been an automotive journalist since 1998 and have worked for many important Brazilian newspapers and magazines, such as the local edition of Car and Driver and Quatro Rodas, Brazilian's biggest car magazine. I have also worked for foreign websites, such as World Car Fans and won a few journalism prizes, among them three SAE Journalism Awards and the 2017 IAM RoadSmart Safety Award. I am the author of "The Traffic Cholesterol", a book about bad drivers that you can buy at Hotmart, Google Play, Amazon and Kobo.