Anyone seen this article on BBC News
http://www.bbc.co.uk/news/technology-35642749
Apparently some Nissan Leaf vehicle's can be hacked via car wings as shown on http://www.troyhunt.com/2016/02/controlling-vehicle-features-of-nissan.html?m=1
MODERATORS NOTE:
Multiple threads merged. Will be updating this post with instructions on how to secure yourself until Nissan fixes this severe security vulnerability.
Update 2/24/16 19:00 PDT: It's been reported that Nissan has disabled the API blocking the issue for now.
Summary:
There is a severe vulnerability in NissanConnect EV which allows one to access your account using only your VIN. Once in, this user can issue any command to your car that you would be able to, as well as view your historical data. If you have not registered or set up your vehicle, you are not vulnerable.
How to secure yourself and your vehicle:
The only known way to secure access to your vehicle is to disable NissanConnect EV until Nissan fixes this issue. It appears that the only way to do this is through the Nissan website. If you have made your VIN public, such as through your profile on this site, recommend you remove it.
US LEAF Owners:
Go to the US site and log in: https://www.nissanusa.com/nowners/
Select "Manage Vehicle" and click "Decline" for the NissanConnect EV Agreement.
Alternatively, you can "Delete Vehicle", which will delete all your driving history!
UK LEAF Owners:
Go to the UK site and log in: https://www.nissan.co.uk/GB/en/YouPlus/welcome_pack_leaf.html
Select "Configuration" and Click the "Remove CarWings".
Canadian, French, Norwegian owners are also confirmed as vulnerable. One should assume that all LEAF telematics systems are vulnerable.
http://www.bbc.co.uk/news/technology-35642749
Apparently some Nissan Leaf vehicle's can be hacked via car wings as shown on http://www.troyhunt.com/2016/02/controlling-vehicle-features-of-nissan.html?m=1
MODERATORS NOTE:
Multiple threads merged. Will be updating this post with instructions on how to secure yourself until Nissan fixes this severe security vulnerability.
Update 2/24/16 19:00 PDT: It's been reported that Nissan has disabled the API blocking the issue for now.
Summary:
There is a severe vulnerability in NissanConnect EV which allows one to access your account using only your VIN. Once in, this user can issue any command to your car that you would be able to, as well as view your historical data. If you have not registered or set up your vehicle, you are not vulnerable.
How to secure yourself and your vehicle:
The only known way to secure access to your vehicle is to disable NissanConnect EV until Nissan fixes this issue. It appears that the only way to do this is through the Nissan website. If you have made your VIN public, such as through your profile on this site, recommend you remove it.
US LEAF Owners:
Go to the US site and log in: https://www.nissanusa.com/nowners/
Select "Manage Vehicle" and click "Decline" for the NissanConnect EV Agreement.
Alternatively, you can "Delete Vehicle", which will delete all your driving history!
UK LEAF Owners:
Go to the UK site and log in: https://www.nissan.co.uk/GB/en/YouPlus/welcome_pack_leaf.html
Select "Configuration" and Click the "Remove CarWings".
Canadian, French, Norwegian owners are also confirmed as vulnerable. One should assume that all LEAF telematics systems are vulnerable.