Nissan Leaf electric vehicle is vulnerable to hacker attacks

Source: Internet
Author: User

Recently, a famous security researcher revealed that some of Nissan's Leaf electric vehicles are vulnerable to hacker attacks. The vulnerability in the on-board system allows attackers to hijack the car's air conditioning and temperature control system.


 
Troy Hunt reported that this vulnerability exists in the vehicle-mounted applications of electric vehicles, which means that attackers can use this vulnerability to monitor the vehicle owner's recent travel and whereabouts.
In addition, Troy Hunt also said that he had already submitted specific information about the vulnerability to the car manufacturer, but the company still did not fix the vulnerability after more than a month, so he decided to expose the details of the vulnerability.
Nissan said that this vulnerability will not bring substantial security threats to users.
At present, this vulnerability is still not fixed, but Hunt said that car owners can disable their Nissan CarWings account to protect the car. If you have never logged on to this account in the Nissan Leaf electric vehicle's on-board system, you don't have to worry about it.


Hunt believes that the NissanConnect application should perform multiple checks on the authenticity of user identities.
Hunt himself admitted that this problem would not bring danger to users' lives. However, he believes that hackers can use vulnerabilities in on-board applications to exhaust electric vehicle power and cause unnecessary losses to users.
Hunt told BBC News: "In this case, what Nissan should do is shut down all systems related to vulnerabilities, and the company must also let their customers know about these problems. To be honest, it is not difficult to fix this vulnerability. In fact, I do not mean that the identity authentication mechanism of on-board applications has serious design defects. In fact, none of these applications have any authentication mechanisms, which is terrible."
"Nissan has discovered a problem related to the NissanConnect EV Application. This problem may affect the temperature control system of the vehicle and the charging status of the vehicle. However, whether it is from the operational or security perspective of electric vehicles, this vulnerability will not have a substantial impact on users. At present, our technical product R&D team is working hard to solve this problem. What we can assure users is that we will take this issue as our primary task, and our R&D team will try to solve all the problems in the on-board applications. In the future, we will try our best to provide users with the best user experience."


Hunt said that because the car owner has realized the problem, he decided to expose it.
Hunt said that the root cause of this problem is that Nissan's NissanConnect application only requires the vehicle identification number (VIN) to perform control operations.
This code is usually printed on the windshield of a car, so it is relatively easy to obtain.
The initial characters of the VIN depend on the vehicle brand, vehicle manufacturer, home country and geographic location of the manufacturer's headquarters.
So Hunt said that in Nissan Leaf electric vehicles produced in the same region, the only thing that will change in the vehicle identification code is the last five digits.
"Normally, only the last five digits will change," he explained. "In this way, anyone can write a script and perform brute-force cracking on 100,000 Nissan Leaf electric vehicles each time, and then try to open the air conditioning and heating systems of these vehicles. Through the corresponding malicious control software, attackers will get the response information of the car, so that they can understand that the vehicle identification code is truly effective."
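Seen from the server, the enumeration Hunt describes is one client requesting many VINs that share a prefix and differ only in the last five characters. The following is an added example, not from the original article, that flags that pattern in a constructed request log; the log format, the thresholds and the `EXAMPLEVIN00…` values are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60     # assumed look-back window
MAX_DISTINCT_VINS = 3   # assumed: an owner's app talks to very few cars


def parse(line):
    """Parse 'epoch client vin' (a constructed log format, not Nissan's)."""
    ts, client, vin = line.split()
    return int(ts), client, vin


def find_vin_enumeration(lines, window=WINDOW_SECONDS, limit=MAX_DISTINCT_VINS):
    """Return {client: (vin_prefix, peak distinct VINs in window)} for clients over the limit."""
    recent = defaultdict(deque)   # (client, prefix) -> (ts, vin) pairs still in the window
    flagged = {}
    for ts, client, vin in sorted(map(parse, lines)):
        prefix = vin[:-5]         # the article: only the last five digits vary
        q = recent[(client, prefix)]
        q.append((ts, vin))
        while q and q[0][0] <= ts - window:
            q.popleft()           # drop requests older than the window
        distinct = len({v for _, v in q})
        if distinct > limit:
            peak = flagged.get(client, (prefix, 0))[1]
            flagged[client] = (prefix, max(peak, distinct))
    return flagged


def build_sample_log():
    """Constructed sample data: one sweeping client and two ordinary ones."""
    # 203.0.113.7 walks six consecutive serials in six seconds.
    lines = [f"{1000 + i} 203.0.113.7 EXAMPLEVIN00{10000 + i:05d}" for i in range(6)]
    # 198.51.100.20 polls the same car repeatedly (normal owner behaviour).
    lines += [f"{1000 + 20 * i} 198.51.100.20 EXAMPLEVIN0012345" for i in range(5)]
    # 192.0.2.9 touches two cars, far apart in time.
    lines += ["1000 192.0.2.9 EXAMPLEVIN0022222", "5000 192.0.2.9 EXAMPLEVIN0033333"]
    return lines


if __name__ == "__main__":
    for client, (prefix, count) in find_vin_enumeration(build_sample_log()).items():
        print(f"{client}: {count} distinct VINs under prefix {prefix}")
```
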
Intrusion Test
He added: "attackers do not even need to use any applications, because control commands can be sent through web browsers."
To confirm the problem, Troy Hunt from Australia obtained a vehicle identification code for a Nissan Leaf electric vehicle from a British friend and tested the vehicle.


During the test, Hunt was able to establish a connection with his friend's Nissan Leaf electric vehicle through the network and view the vehicle's recent travel data.
Hunt's British friend Scott Helme, who is also a cyber security researcher, recalled: "I was sitting in a car and I didn't have a car key. In addition, all the systems in the car are closed. Therefore, my car was completely unattended at the time. At that time, I was talking to Troy via Skype. He copied the website to his browser, and after about 10 seconds, I heard a beep inside the car."
"Then, the car's heated seat was started, and the car's steering wheel's heating function was also turned on. I can hear the sound of a heated fan turning, and the air-conditioning system of the car is turned on."
As you can see in the original article, Troy shows you how to control a Nissan Leaf electric car at the other end of the earth.
Further analysis and tests show that if the vehicle is started, attackers cannot control the vehicle.
However, attackers may still see the registered user name of the owner, which may help the hacker identify the owner's identity information.
In addition, the vehicle's recent travel data, including time and distance information, may be leaked. However, the leaked information does not include vehicle positioning data.
After Helme deregistered the corresponding on-board application, Hunt could not communicate with Helme's car.
Mr. Helme told the BBC: "In fact, this problem is not as bad as you think."
Online Forum
Hunt said: "If I track and monitor the route of your vehicle in a week, I will be able to know when you will go to work or when you will be back from work. In this way, when you arrive at your office or home, I can start the heating system of your car and it will take a whole day to start. This will exhaust the power of your car. When you start the vehicle, you will find that the original fully-powered car has only a little power left. Of course, you cannot drive the car home."

Further analysis shows that the on-board application does not directly interact with the car. Instead, it sends commands through Nissan's computer server, which in turn controls the heating system of the car.
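Because every command passes through the manufacturer's server, that server is where the caller's identity can be checked. The following is an added example, not Nissan's code and not from the original article: a handler that accepts the VIN alone, as the article describes, beside one that requires a session bound to the account that registered the car. The in-memory stores, function names and VIN values are hypothetical.

```python
import secrets

# Hypothetical in-memory stores standing in for a backend's account database.
OWNERS = {"EXAMPLEVIN0012345": "alice"}   # VIN -> account that registered the car
SESSIONS = {}                             # session token -> logged-in account


def login(account):
    """Issue an unguessable session token (password check omitted for brevity)."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = account
    return token


def climate_on_vin_only(vin):
    """Behaviour the article describes: knowing the VIN is enough."""
    if vin in OWNERS:
        return 200, "climate control started"
    return 404, "unknown vehicle"          # also confirms which VINs exist


def climate_on_authorized(vin, token):
    """Hardened form: the caller must hold a session for the VIN's owner."""
    account = SESSIONS.get(token)
    if account is None:
        return 401, "authentication required"
    # Same answer for an unknown VIN and for someone else's VIN, so the
    # response cannot be used to learn whether a VIN is registered.
    if OWNERS.get(vin) != account:
        return 403, "not permitted"
    return 200, "climate control started"


if __name__ == "__main__":
    alice, bob = login("alice"), login("bob")
    print(climate_on_vin_only("EXAMPLEVIN0012345"))
    print(climate_on_authorized("EXAMPLEVIN0012345", alice))
    print(climate_on_authorized("EXAMPLEVIN0012345", bob))
    print(climate_on_authorized("EXAMPLEVIN0012345", None))
```
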


Nissan issued a statement in December 2015 saying that it has successfully sold more than 0.2 million Nissan Leaf electric vehicles.
Therefore, Hunt said that this problem in the on-board system will likely cause Nissan to suspend their services.
In addition to the above information, security researchers also said that some car owners in Canada have discovered this problem and put information about this vulnerability in an online forum for discussion. In addition, some people provide a link address in the forum that can fool on-board applications.
"That's why I began to regret it. Why didn't we make it public earlier. I feel very sad. Some problems are often exposed before people begin to realize the seriousness of the problem. This security issue is a typical example."