
Nissan Leaf "Hacked" - warning

Discussion in 'Electric Vehicles' started by Twiglett, Feb 24, 2016.

  1. Twiglett

    Twiglett Single pedal driver

    Joined:
    Oct 3, 2014
    Messages:
    779
    Location:
    Austin
    I put "Hacked" because it isn't really a hack, rather it looks like Nissan have been practicing security through obscurity rather than designing it in from the start.
    http://www.bbc.com/news/technology-35642749
    Basically the Nissan telematics application just uses the VIN as its authentication without any form of validation.
    The attacker can then do everything that the owner has enabled remotely.
    On the Leaf, that is heating/cooling, access to telemetry and driving data etc etc

    Contacting Nissan just got a standard "we take security seriously" nonsense.
    Still looking for whatever method can be used to stop anyone with my VIN from controlling my car etc
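    A minimal model of the authorization flaw described above, added here as an illustration (not code from this thread, from Nissan, or from the BBC article): the vulnerable handler treats a VIN in the request as proof of ownership, while the hardened handler first authenticates the caller and then checks that the VIN is bound to that account. The account names, session tokens and VINs are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: which account owns which vehicle(s).
OWNERS = {"alice": {"VIN000000000000001"}, "bob": {"VIN000000000000002"}}
# Constructed session table: session token -> authenticated account.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
ALL_VINS = {vin for vins in OWNERS.values() for vin in vins}


@dataclass
class Request:
    vin: str
    action: str                          # e.g. "hvac_on", "get_driving_data"
    session_token: Optional[str] = None  # the vulnerable handler never looks at this


def handle_vulnerable(req: Request) -> dict:
    """Models the flaw: knowing a valid VIN is enough to command that car."""
    if req.vin not in ALL_VINS:
        return {"status": "error", "reason": "unknown vin"}
    return {"status": "ok", "vin": req.vin, "action": req.action}


def handle_fixed(req: Request) -> dict:
    """Hardened: authenticate the caller, then authorize the caller for this VIN."""
    account = SESSIONS.get(req.session_token or "")
    if account is None:
        return {"status": "error", "reason": "unauthenticated"}
    if req.vin not in OWNERS.get(account, set()):
        # One response for "not yours" and "does not exist", so VINs can't be
        # confirmed as valid by probing the API.
        return {"status": "error", "reason": "forbidden"}
    return {"status": "ok", "vin": req.vin, "action": req.action}
```

The point of the fixed handler is that the VIN is only ever an identifier for the vehicle; the proof of who is asking comes from the authenticated session, and the ownership table decides whether that session may touch that vehicle.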
     
  2. Twiglett

    Twiglett Single pedal driver

    Joined:
    Oct 3, 2014
    Messages:
    779
    Location:
    Austin
    Just to update
    The link to the original information from the guy who found it.
    http://www.troyhunt.com/2016/02/controlling-vehicle-features-of-nissan.html

    Looks like the only way to block this right now is to remove your EVConnect account - and the only way to do that is to decline the EVConnect agreement.
    Without that anyone can leave you stranded just by turning on your AC remotely or turning off time charging etc
     
  3. MikeBur

    MikeBur ManualPilot

    Joined:
    Dec 8, 2014
    Messages:
    579
    Location:
    Seattle, WA
    Yep, from the video, looks like this would be reasonably simple for Nissan to fix and although limited to non-critical systems the ability to run down anyone's battery remotely, without authorization, is unfortunate.

    Turning off EVConnect access appears to be the only solution until Nissan addresses it.
     
  4. andrewket

    andrewket 2014 S P85DL, 2016 X P90DL (soon 100)

    Joined:
    Dec 20, 2012
    Messages:
    5,043
    You can't fix stupid.
     
  5. jerry33

    jerry33 S85 - VIN:P05130 - 3/2/13

    Joined:
    Mar 8, 2012
    Messages:
    12,753
    Location:
    Texas
    I haven't been able to connect to mine for a few weeks. They changed their site and to update they have insisted on putting in your social security number, which isn't legal for them to do.
     
  6. dhanson865

    dhanson865 Active Member

    Joined:
    Feb 16, 2013
    Messages:
    1,496
    Location:
    Knoxville, Tennessee
    No auth, no security.

    The only saving grace is 2G goes dead at the end of this year so even if they do or don't fix this it'll take a hardware radio upgrade to get these back to a hackable state.
     
  7. Twiglett

    Twiglett Single pedal driver

    Joined:
    Oct 3, 2014
    Messages:
    779
    Location:
    Austin
    Built in obsolescence and Nissan wonder why they can't increase market share.
    I can only hope the Model ☰ forces the Leaf 2 back to the drawing board.
    After the entertainment I've had with my Leaf I will never own another Nissan.
     
  8. RiverBrick

    RiverBrick Active Member

    Joined:
    Mar 23, 2014
    Messages:
    1,369
    Location:
    Québec
    When they forced the switch from Carwings to Nissan Connect they broke remote access for me, except I have been using this so-called hack for heating this Winter.

    This information has been circulating for at least two years as a work around for Carwings issues. AFAIK there is no access to user information or telemetry. Just HVAC on/off.

    In the unlikely event you're targeted by someone turning on heat when it might make a difference, you can undo their action. Just enable text and email notifications for HVAC events and you'll know.
     
  9. Twiglett

    Twiglett Single pedal driver

    Joined:
    Oct 3, 2014
    Messages:
    779
    Location:
    Austin
    Sadly this is not just enabling heat etc, it allows anything you can do with Carwings/EVConnect.
    So changing charge time, stop charging, heat time etc
    Check the video on Troy's site - happily download data - basically publicly available.
     
  10. SabrToothSqrl

    SabrToothSqrl Active Member

    Joined:
    Dec 5, 2014
    Messages:
    1,521
    Location:
    PA
    So... Can I just write a script that runs through all the VIN numbers, and sets all the HVAC to max heat, grabs all info, and moves to next?

    strictly... For research, of course. Not the mass depletion of leaf batteries as a joke. ;)
     
  11. dhanson865

    dhanson865 Active Member

    Joined:
    Feb 16, 2013
    Messages:
    1,496
    Location:
    Knoxville, Tennessee
    You can't stop charging with the API.

    You can do the rest.

    Starting charging would only be malicious if TOU rates were in effect (making someone pay for more expensive electricity) or the car was in a very hot environment and you started charging in the afternoon sun (in which case the car probably isn't plugged in).

    The heat/AC is forced at 75F and nothing in the API can change that so you can't heat the car above that or cool the car below that. If it is near 70F outside it won't cost anyone any real energy. It'd be an issue in extreme cold though.

    Getting your email address from the API responses would likely be more malicious than anything else they can do with it.

    - - - Updated - - -

    Again, the Leaf will only preheat to 75F and precool to 75F; nothing in the API can override that. They hard-coded it in the Leaf firmware with no override.
     
  12. pchilds

    pchilds Member

    Joined:
    Jan 13, 2016
    Messages:
    80
    Location:
    SoCal
    Glad I sold my LEAF. The wife said I had to sell the LEAF to get a Tesla, done, next. :biggrin:
     
  13. eye.surgeon

    eye.surgeon Member

    Joined:
    Nov 18, 2014
    Messages:
    707
    Location:
    California
    Of course it's legal. Anyone can ask anyone if they will willingly disclose their SSN. It's not illegal for them to require it to participate in an optional service they are offering. If you don't like it, you don't have to use it.
     
  14. dhanson865

    dhanson865 Active Member

    Joined:
    Feb 16, 2013
    Messages:
    1,496
    Location:
    Knoxville, Tennessee
    Odd, I just checked and the site and app still work for me and I've never been prompted for a SSN. Either you are doing something different than me or Nissan is doing something different for you than they do for me.

    Are you starting from Owner Portal aka https://owners.nissanusa.com/nowners/user/home or another URL?
     
  15. Twiglett

    Twiglett Single pedal driver

    Joined:
    Oct 3, 2014
    Messages:
    779
    Location:
    Austin
    The auto AC/Heat only runs for a limited time anyway, maybe 15-20 minutes, but the current draw is really high and would be the difference between getting home or not for me.
    The thing about the charging is changing the time that the charge happens (or just cancelling it). I have mine set to make sure it is complete before 4am to make sure I roll out with a full charge each morning.
    Essentially anything on their site is public access. There are already websites that let you query any Leaf in the world.
    And Nissan still have no response - pathetic.
    Roll on Model 3
     
  16. cwerdna

    cwerdna Active Member

    Joined:
    Jul 11, 2012
    Messages:
    1,032
    Location:
    SF Bay Area, CA
    #16 cwerdna, Feb 24, 2016
    Last edited: Feb 25, 2016
    On '13+ Leafs, you can change the desired temperature for the pre-heat/pre-cool via the car's menus, but NOT through the Carwings/NissanConnect app. Mine's currently set to 72 F.
    IIRC, it runs for up to an hour when the car's plugged into a working EVSE. If it's not plugged in, it stops after 15 minutes.

    They disabled it and provided a response at Nissan Leaf app deactivated because it's hackable. I actually found NissanConnect EV Update: Smartphone App, API No-Longer Accepting Connections As Nissan Works to Fix Flaw | Transport Evolved first and confirmed that NissanConnect no longer works for me via Android and iOS versions of their app.
     
  17. Canuck

    Canuck Active Member

    Joined:
    Nov 30, 2013
    Messages:
    3,942
    Location:
    South Surrey, BC
    I never had to give my SS number to use it. I couldn't even if asked since I'm a Canadian owner with a US vehicle. I posted over at the Leaf forum how to get Carwings (now EVConnect) to work in Canada with a US imported vehicle.

    It really sucks that they turned off the app until this gets fixed. I have no concern about someone "hacking" into my Leaf, although there's no excuse for the vulnerability. My wife and kids use the app a lot to preheat. And we use it to go from 80% to 100% when extra range is needed.
     
  18. cwerdna

    cwerdna Active Member

    Joined:
    Jul 11, 2012
    Messages:
    1,032
    Location:
    SF Bay Area, CA
    I didn't bother even checking their owner portal after the Carwings to NissanConnect switchover fiasco for which many people wasted a lot of time re-registering, calling Nissan, etc.

    I just logged in tonight (wasn't a very smooth process) and had to update some info, but I was NEVER asked for my social security number. Perhaps your machine has malware which has injected extra fields onto web pages you visit (and thus sends that info to some evil server somewhere)? Example of a malware toolkit that can do this is Zeus. Skip to ~6:35 of Zeus: King of crimeware toolkits | SymantecTV for a demo.
     
  19. jerry33

    jerry33 S85 - VIN:P05130 - 3/2/13

    Joined:
    Mar 8, 2012
    Messages:
    12,753
    Location:
    Texas
    It was the Nissan Connect that asked for it. There appeared to be no way to get to CarWings otherwise. The App just gives a login denied.

    Zeus only affects computers with that insecure operating system on them.
     
  20. cwerdna

    cwerdna Active Member

    Joined:
    Jul 11, 2012
    Messages:
    1,032
    Location:
    SF Bay Area, CA
    #20 cwerdna, Feb 25, 2016
    Last edited: Feb 25, 2016
    Nowhere on Owner Portal as part of updating your info or signing up for NissanConnect should it ask for your Social Security Number. I've never heard of anyone ever being asked that.

    If so (and I can't fathom why), you should call NissanConnect Support | Nissan USA ("Call our NissanConnectSM customer support agents toll-free, Monday through Saturday, 8am to 12am Eastern Time. 1-855-426-6628") to confirm whether they really should be asking and why.

    I'm 95% sure I never had to give that info when I originally registered for Carwings when it was still called that in 2013. I'm 99% sure I never had to give that up either when I had to add the Leaf I bought in July 2015 to replace the Leaf I returned at end of lease at end of July 2015.

    If you truly are being asked, I'm pointing back at malware on your machine.
    Sure, but Zeus was just an example. It isn't the only malware that can inject illicit content into your browser.
    Yeah, because of Nissan Leaf app deactivated because it's hackable. I can confirm it's disabled now for both my iPhone and Android phone. The error dialog on both is "The service cannot be provided. Please try it again or contact NISSAN." It was working about 24 - 48 hours earlier, as I know I'd set the climate control timer and/or remotely triggered CC in that time period.

    I can still use Owner Portal though. That definitely still works.
     
