Nissan shut down one of its smartphone apps this week after an Australian software developer found that Leaf owners were highly vulnerable to data theft and hackers controlling parts of their cars.

The NissanConnect EV app, which allows Leaf (and e-NV200) owners to check their electric car’s battery status, analyze their driving habits, and activate climate control and battery charging, has been disabled.
Developer Troy Hunt detailed his finds on his website; the problem essentially boil down to Nissan neglecting to use standard authentication. Using a VIN generator to ping available cars, Hunt found he could gain access to the app’s remote functions?switching on his friend’s heated seats in Norway all the way from Australia, as one example?and could view logs of his driving history. Other exploits involve disabling the car’s charging process or repeatedly turning on the air conditioning. While Hunt couldn’t view personal information like names or addresses or pinpoint a car’s exact location, he considered the issue serious enough to report it to Nissan the next day. That was more than a month ago. Comparing the Leaf flaw to the Jeep Cherokee hacks, Hunt wrote it was “good in that it doesn?t impact the driving controls of the vehicle, yet bad in that the ease of gaining access to vehicle controls in this fashion doesn?t get much easier?it?s profoundly trivial.” Nissan responded quickly, Hunt said, and company spokesman Steve...