THE ELECTRIC Nissan Leaf can be blown over by hackers, according to a security researcher, who said that you could control some of its features remotely if you were so inclined.
Troy Hunt, who is already a name in the security industry, has blogged about this and shaken Leaf drivers like leaves.
This ain't the first time that a car has been hacked, and it isn't the most devastating.
Hunt said that it is possible to sit around somewhere and play with features on the Nissan car thanks to the paper bag-like security in a Nissan app called Connect. This means that a hacker could muck about with the temperature inside the car from blooming miles away.
This is just one example, and on just one car. The same trick was tried on Leafs in the wild, however, and it worked. Hunt and the hunters were able to gain access to a number of other vehicles, and presumably make their owners a bit hot around the collar and cool around the feet.
Individual drivers can also be identified and tracked through access to the vehicle identification number etched on the windscreen. These things add up, of course, and hackers will find a use for them.
We asked Nissan for its position on this and was told that the company has suspended the Connect software service.
"The NissanConnect EV app is currently unavailable. This follows information from an independent IT consultant and subsequent internal Nissan investigation that found the dedicated server for the app had an issue that enabled the temperature control and other telematics functions to be accessible via a non-secure route," the firm said.
"No other critical driving elements of the Nissan Leaf or eNV200 are affected.
We apologise for the disappointment caused to our Nissan Leaf and eNV200 customers who have enjoyed the benefits of our mobile apps. However, the quality and seamless operation of our products is paramount."
The firm will release updated versions of the app soon, which is pretty much what Hunt was hoping for.
"In my view, this is the sort of flaw that needs to have the service pulled until it can be fixed properly and restored. It's not a critical feature of the vehicle yet it has the potential to affect its physical function and there's the privacy risk as well. Plus, of course, it's already being discussed publicly so the risk is well and truly out in the public domain already," he said in a blog post.
"I want to see Nissan secure this. I own a Nissan myself (albeit not a connected one) which I'm passionate about and am very invested in the brand emotionally and financially. But they do need to take action on this because clearly the current state is not satisfactory." µ
To hear more about security challenges, the threats they pose and how to combat them, make sure you sign up for the Computing Enterprise Security and Risk Management conference on 24 November.
Beta go give it a whirl
Your 2 Unlimited records never sounded (so) good
That's, um, £2,906 over two years
He also stands accused of taping songs off the radio and jaywalking