Nissan has disabled the smartphone app used by its popular Leaf electric car, following the publication of a major security flaw that could have allowed hackers to easily drain the car’s battery.
A company spokesperson announced that the app, called NissanConnectEV (formerly CarWings), is currently unavailable. This move followed the research from an independent IT consultant and an internal investigation that found the app allowed anyone to see some navigation data and control temperatures inside the car.
As for the independent IT consultant, it was Troy Hunt, an Australia-based security researcher who found the flaw more than a month ago. In a post on his blog, Hunt claims that he has bought this issue to Nissan’s notice then, so that the company could address the security flaw. He made multiple attempts to get a resolution, but ultimately decided to make the flaw public on Wednesday after others discovered the problem and began discussing it online.
“If I was to monitor your movements over the course of the week and learn when you go to and from work, shortly after you got to your office I could run the heating for the remainder of the day,” Scott Helme, a cybersecurity researcher who worked with Hunt, said. “That would potentially leave you with very little power. Certainly not enough to get back home.”
Even though the app is taken down, the functions that were available earlier on the phone can still be controlled manually. Nissan said it was looking forward to launching updated versions of its app “very soon.“.
“No other critical driving elements of the Nissan Leaf are affected, and our 200,000 Leaf drivers across the world can continue to use their cars safely and with total confidence,” the company said.
Did you encounter any battery issues whilst driving your Leaf? Let us know in the comments below.
