ObiQuiet
Well-known member
Have any of you confirmed that deleting the car from the Carwings portal and/or declining the ToS stops the API form working?
ObiQuiet said:Have any of you confirmed that deleting the car from the Carwings portal and/or declining the ToS stops the API form working?
Thank you gsleaf and Karl, 1st post updated along with note that Nissan has apparently disabled the API for now (see paulcone's link above).kolmstead said:"Decline" button seems to work fine, as posted by gsleaf.
bjm2020 said:I was really looking forward to being able to use the carwings features. Bummer!
I suspect the main problem is that the service was built by a number of companies (every country appears to have their own website with different user-interfaces - all of which must interface with the API) to whom Nissan outsourced the project to who promised the world for a dollar and then delivered half-tested crap for two.DavidGreene said:Did no one at Nissan recognize the obvious implications of remote control without authentication?
Access via their smartphone app is now disabled. I confirmed this via their iOS and Android app. Presumably, they disabled any access that didn't come from the appropriate domains/source IP addresses (e.g. wherever the requests come from when you interact w/the NissanConnect site).DCelectric said:Thanks for the heads up! I just bought a used 2013 Leaf, and haven't created a NissanConnect EV account. I'm just thinking - if the person before me had an account then it would be possible for someone to still hack the car with the vin, yeah? I guess I should called NissanConnect directly. Anyone else in this situation?
Only https://gdcportalgw.its-mo.com/ is responding with a "200 OK" return code. All other URLs on that server are returning "404 Not Found". I fully expected the stop gap "fix" to be as hokey as the API itself.cwerdna said:Access via their smartphone app is now disabled.
They sure got it disable fast once this was made public. Makes you think there is some additional unpublished functionality not available in the public app, but available for sending to the car from the server. For example, given how many of these cars are owned by Nissan's own leasing company I would think that hidden commands might include reporting the car's current GPS location as part of a loss recovery program. The sent data includes the car's GpsDateTime, likely its set up to report GpsLocation as well. Given their plans for the future, I suspect there is lots more built into the latest LEAFs that's just not yet publiccwerdna said:It's not like there's that much functionality though...
Indeed. It's quite possible. Then again, they've gotten enough bad PR already, that it's probably best for them to disable, figure out what to do and fix it before they get more bad press and customer support calls.jpadc said:They sure got it disable fast once this was made public. Makes you think there is some additional unpublished functionality not available in the public app, but available for sending to the car from the server.cwerdna said:It's not like there's that much functionality though...
LOL. But, the current issue has little or nothing to do w/Azure's security and authentication. One can write and run plenty of insecure stuff on one's own machines or someone else's cloud service.jpadc said:Speaking of those plans for its Connect Telematics Systems (CTS) systems, this quote seems almost funny now... "Nissan selected Azure because of its enterprise-grade security and compliance."
I'm sure there are many customers that use NissanConnect that have not seen this info. How are they informing customers its been disabled? Seems like if they don't, they will get some calls...cwerdna said:Then again, they've gotten enough bad PR already, that it's probably best for them to disable, figure out what to do and fix it before they get more bad press and customer support calls.
Enter your email address to join: