Time to don those tin-foil hats, conspiracy theorists: The on-board infotainment software on the Nissan Leaf may “leak” the car’s location information to websites accessed via the car’s RSS reader. Computer security expert Casey Halverson discovered the flaw in his own Leaf and documented it on YouTube.
The Leaf electric car incorporates Nissan’s Carwings connectivity system, which lets owners check in on the status of their Leaf via the Internet or a smartphone. It allows for scheduling charge times, remote verification of charge status, and other features. Inside the cabin, Carwings allows drivers to have the computer “read” an RSS news feed to them in the car. According to Halverson, using the last feature “leaks” the current location of the Nissan Leaf.
Using a custom RSS feed he created, Halverson found that Carwings transmitted the GPS coordinates, speed, navigation destination, and more to external websites when requesting the RSS feed. There is apparently no way to disable the feature, which could potentially be used to track a Nissan Leaf’s location in real time.
Fortunately, by exposing the flaw, Halverson has helped eliminate it. Spokeswoman Katherine Zachary told us that Nissan is aware of the Carwings issue and that it was “corrected right away.” The data transmitted via the RSS reader apparently did not contain any indentifying information and reportedly could not easily be attributed to a specific driver or vehicle.
Sources: Computer World