Nissan Leaf API has NO SECURITY

Is it hacking if there is no security by design? If the doors on a bank are unlocked, is it breaking and entering?

The API (application program interface) for the Nissan Leaf was found to be vulnerable. How vulnerable?

Well, the problem stems from the APIs Nissan uses for its iOS and Android apps, which let owners check the state of their batteries, initiate recharging, check the estimated driving range, and turn their cars’ climate systems on and off (unauthenticated!).

There is no immediate threat to lives with this vulnerability, aside from bad guys learning personal information about the Leaf owner.

Perhaps with enough publicity about these vulnerabilities, car makers will include security by design and even deploy a patch to the vehicles.

Read more here.

This entry was posted in Security Blog and tagged , , , , , , . Bookmark the permalink.