Nissan has disabled a companion app for its line of Leaf electric cars after it was discovered it could be hacked and used to control features on the car.
The removal comes after a security expert reported the issue to the Japanese car maker, which revolves around a flaw in the software that means hackers could run down a Leaf’s battery and see data about recent journeys.
Nissan denied there was a safety issue, but did also confirm its eNV200 electric vans were also vulnerable to the flaw.
“The NissanConnect EV app – formerly called CarWings – is currently unavailable,” the car maker said in a statement.
“This follows information from an independent IT consultant and a subsequent internal Nissan investigation that found the dedicated server for the app had an issue that enabled the temperature control and other telematics functions to be accessible via a non-secure route.
“No other critical driving elements of the Nissan Leaf or eNV200 are affected, and our 200,000-plus Leaf and eNV200 drivers across the world can continue to use their cars safely and with total confidence.”
Troy Hunt, the security researcher who reported the problem to Nissan, went public with a blog on the issue after discovering it was being discussed in online forums.
The flaw meant hackers could access information about Leafs without verifying themselves as owners of the car. Instead access was granted when simply providing a car’s vehicle identification number (VIN), which is engraved into the windscreen of cars and be relatively easy to locate online, Mr Hunt said.
He added that the flaw could be used to control the car’s heating and air conditioning by sending commands via a web browser, but since it would not work when the car was moving or have an impact on the steering controls, it was unlikely to threaten people’s lives.