Nissan Does The Right Thing, Suspends App Downloads Until They Fix Leaf Hacking Issues

By
Jason Torchinsky
Comments (31)
We may earn a commission from links on this page.

Yesterday, we reported on a significant security hole with Nissan Leafs (and electric eNV200 vans) that would allow some HVAC systems and a good amount of owner data to be accessed via the web. The hole was, pretty much, that there was no real security at all. Happily, it looks like Nissan is taking the issue seriously and taking steps to correct it.

Suggested Reading

A 70 Percent Off Car You Can't Fuel And An Electric Van Built By The Fed In The '80s In This Week's Car Buying Roundup
Cleaning Car Headlights, The Death Of The Novelty Antenna Topper And A Cop Looking At ‘Boobs Or Whatnot’ In This Week's Car Culture Roundup
Tesla’s Brand Value Nosedives, VW Dealers And Scout Rumble And BYD Is Dominating In This Week's News Roundup
It's Time To Discontinue The Model S | Jalopinions
Subtitles
  • Off
  • English

Suggested Reading

A 70 Percent Off Car You Can't Fuel And An Electric Van Built By The Fed In The '80s In This Week's Car Buying Roundup
Cleaning Car Headlights, The Death Of The Novelty Antenna Topper And A Cop Looking At ‘Boobs Or Whatnot’ In This Week's Car Culture Roundup
Tesla’s Brand Value Nosedives, VW Dealers And Scout Rumble And BYD Is Dominating In This Week's News Roundup
It's Time To Discontinue The Model S | Jalopinions
Subtitles
  • Off
  • English

The NissanConnect EV app, which lets Leaf owners access their car’s information and some controls remotely, was the main conduit for the potential unwanted access, and has been made unavailable. I suspect that even for users that have the app downloaded already, the servers the app talks to (which in turn communicates with the cars) have been taken down, at least temporarily.

Advertisement

Related Content

Annoying YouTuber Tropes, The Next Presidential Limo And The Maintenance You're Ignoring In This Week's QOTD Roundup
Daddy Long Legs Train, Omnidirectional Orbs And The Return Of Supersonic Flight In This Week's Beyond Cars Roundup

Related Content

Annoying YouTuber Tropes, The Next Presidential Limo And The Maintenance You're Ignoring In This Week's QOTD Roundup
Daddy Long Legs Train, Omnidirectional Orbs And The Return Of Supersonic Flight In This Week's Beyond Cars Roundup

Here’s the statement we got from Nissan:

The NissanConnect EV app (formerly called CarWings, which is used for the Nissan LEAF and eNV200) is currently unavailable.

This follows information from an independent IT consultant and subsequent internal Nissan investigation that found the dedicated server for the app had an issue that enabled the temperature control and other telematics functions to be accessible via a non-secure route.

No other critical driving elements of the Nissan LEAF or eNV200 are affected, and our 200,000-plus LEAF and eNV200 drivers across the world can continue to use their cars safely and with total confidence. The only functions that are affected are those controlled via the mobile phone – all of which are still available to be used manually, as with any standard vehicle.

We apologize for the disappointment caused to our Nissan LEAF and eNV200 customers who have enjoyed the benefits of our mobile apps. However, the quality and seamless operation of our products is paramount.

We’re looking forward to launching updated versions of our apps very soon.

Sure, in an ideal world, Nissan would have noticed what a huge security hole this was, but, whatever, we’re all human, or at least massive car companies full of humans. Nissan’s doing the right thing now, and will hopefully take care of the problem, and learn from this mistake.

Advertisement

I’m sure they’re not the only automaker to have overly lax online security in their connected cars. Hopefully other manufacturers will learn from this example as well.

Contact the author at jason@jalopnik.com.