Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.

Trainings

We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022

Security Researcher said, It is possible to hack “Nissan LEAF” cars using Mobile Phone!

Nissan LEAF is an electric car, which is the best-selling car all around the world.  This car has a lot of features. Nissan has developed applications for both Android and iOS, to control some features of this car. In simple words we can say that, owner of a Nissan LEAF can control it from his mobile phone. Troy Hunt is a famous Australian security expert and he has found a vulnerability, which is targeting the API of Nissan’s LEAF car application. According to Troy Hunt, hackers can exploit this vulnerability to hack the car remotely. Hackers can control many features of the car by doing this.

When Troy reported this vulnerability, other security researchers also confirmed it. In December 2015, this vulnerability had been discussed publicly on a forum of French Security Experts. Nissan LEAF is an electric car and Nissan has also provided an application for its owners to control its features. Troy Hunt was doing work at his workshop which is located in Norway. Then one of his student came in Nissan LEAF and he was controlling his car from mobile phone.

Student ask Troy that he is controlling the car from an iOS application, which is using only VIN (Vehicle Identification Number) to authenticate the users. This application is also available on Android Play Store. After that Troy did a number of tests on the car and found this vulnerability. Another security researcher Scott Helme was with him and they show how to hack this car remotely.

Hackers can turn on the AC of car, can access driving data including travel distance and power consumption by exploiting this vulnerability. But it is not possible to unlock or lock the car by exploiting this vulnerability. Engine is also safe from this security flaw. Nissan also revealed that this is possible.

How it is possible?

It is possible because all the Nissan LEAF cars have same VIN number, only last five digits are different. Therefore hackers can try all the possible combinations of the numbers to exploit this vulnerability. On January 23, Troy reported this vulnerability to Nissan ant still it is unpatched. Users are advised to disable this service by logging into account from a web browser, until the release of updates for application.

Also read: Database of Turkish Police, hacked by Anonymous Group! 18GB data is available online!

It is not the first time when a security researcher has reported vulnerability in an electric car, a number of vulnerabilities had been found by other security researchers as well in the past. Therefore Government of United States is asking Automobile Companies to take the security seriously. Government asked the companies to aware their engineers about the security, because the security of customer is a must in business. Some companies are offering large amount as a price for those, who told them about the vulnerabilities in their automobile products.

Source: Securityweek

Leave a Reply

Name
Email id
Contact No
Comment

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.