Nissan Disables Leaf Electric Car App After Hacking Risk Exposed

February 28, 2016 by Ma Jie and Craig Trudell

Nissan Motor Co. disabled a mobile application for controlling its Leaf electric car after a security researcher demonstrated how hackers could access temperature controls and other functions from across continents.

Japan’s second-largest automaker made the app unavailable after Australian researcher Troy Hunt demonstrated an ability to hack into a friend’s Leaf in the U.K. and access information about the battery status and climate controls. Hunt wrote that the car’s vehicle identification number, which is visible through the car’s windshield, was the only piece of information needed to undermine the app’s insecure programming.

U.S. regulators have called for carmakers to bolster security measures after Fiat Chrysler Automobiles NV last year recalled 1.4 million vehicles that hackers could access remotely and control the steering, brakes and engine. Mark Rosekind, administrator for the National Highway Traffic Safety Administration, in January called for specific actions the government can take in the next year to speed the adoption of technologies that would make autos less vulnerable.

Nissan apologized on its Facebook page after disabling the electric car’s app and said it’s working on an updated version. The only functions that could be controlled remotely via the app can be operated manually, according to an e-mailed statement.