Imagine riding in your car one fine day and as you drive down the road something strange happens to your vehicle’s smart system without you doing anything to it. The rise of smart car system has also given birth to risks associated with mobile apps designed to remotely control your car, as demonstrated by security researcher Troy Hunt.
Based in Australia, Hunt exploited a bug in the NissanConnect EV app, a tool designed to allow car owners to control specific features of their Nissan LEAF via a smartphone. LEAF is the popular electric car manufactured by Japanese automaker Nissan and it currently provides little comforts to owners.
Alongside these comforts is the risk from bugs that come with the apps. Worst, these bugs could lead to potential danger to your life or loved ones as hackers with precarious intentions could manipulate your vehicle to their desire from a remote location.
The steps are simple to initiate the hack. An attacker can take advantage of the Nissan LEAF car’s unique identifier that is usually stuck to the vehicle’s windshield. Alternatively, and for reasons of stealth, a hacker can guess the identifier and hack any car in random from across the world.
Since the car’s identifier can be easily messed with, that means the app does not have the necessary security features in place to prevent a third-party from pulling data from it. The hacker can then transmit any command to the car and steal data pertaining to the car’s trip history, distance traveled and other information belonging to the car.
The app is only connected to the air conditioning and other systems of Nissan LEAF, and though taking advantage of the app’s bug may not pose a real danger to your life, the case demonstrates a lack of robust security in Internet-connected cars, leaving these cars exposed to cyber threats that lurk in the corner waiting for a victim. Also, it will cause your car’s battery to lose energy more quickly as your car system will use up power for an extended period of time than usual.
Still you consider yourself lucky if you own a Nissan LEAF because the app does not have a feature that lets remote unlock and start access to your car. Typically, most Internet-connected cars enable this capability. This is threatening in a way because when hackers discover a bug to the system, they may take advantage of it.
After Hunt communicated with Nissan to discuss the vulnerability, the automaker responded immediately. But Hunt said the company has yet to release a patch for the bug more than one month after the flaw was discovered.