The vulnerable web API for my Nissan Leaf

I've driven a purely Electric Vehicle (EV) for over 2 years now and had intended to write about the experience at some point on my blog. Writing about the discovery of an insecure API that allows an attacker to remotely control features within my car was not how I intended that first blog to go down!


The Nissan Leaf

The Nissan Leaf is the best selling EV in the world with over 200,000 of them on the road already. I've had nothing but good experiences with the car and after seeing the benefits first hand, several friends and family have now purchased an EV too. It was last month when I met with Troy in person in the UK that I found out he had come across a problem with the API that controls certain features of the car. Naturally, I was really interested in what he had, especially as I owned one and at the time, Nissan had just released their brand new Nissan Connect app. This video covers the issue with a live demonstration where the 'attacker' is literally on the other side of the planet!



If you want all of the details I highly recommend reading Troy's article: Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs


Short URL:


Author image
About Scott
Researcher, blogger and international speaker. I'm the creator of and, free tools to help improve online security.