Nissan Leaf app disabled after video shows how electric car can be hacked

Nissan has disabled the NissanConnect EV smartphone app for Nissan Leaf cars after hackers took control of the electric car using the app. The Japanese automaker plans to relaunch the app after fixing security loopholes.

"We apologize for the disappointment caused to our Nissan Leaf customers who have enjoyed the benefits of our mobile apps," Nissan wrote in an email to Computerworld.

The issue came to light when two security analysts, Tony Hunt, and Scott Helm, demonstrated in a YouTube video how they could access Nissan's Leaf car in England, while sitting in Australia, using the insecure APIs in the Leaf's iPhone app.

The researchers said they first reported the security flaw to the carmaker in January but received a cold response. They then posted the YouTube video showing how the car could be hacked using the app.

"Fortunately, the Nissan Leaf doesn't have features like remote unlock or remote start, as some vehicles from other manufacturers do, because that would be a disaster with what's been uncovered. Still, a malicious actor could cause a great deal of problems for owners of the Nissan Leaf," Helm, who assisted Hunt in the hack, said.

Though the experimental hack would not cause damage to the vehicle, it gives remote access to a hacker, who could, for example, switch on or off the car's pre-heating or pre-cooling system from a web browser and drain the car's battery. A hacker could also get the car's driving history.