Nissan: Difference between revisions

Line 52:

===Safety issues with the NissanConnect EV app===

Researchers at Black Hat Asia 2025 have found issues within the NissanConnectEV app, since it relied upon a Vehicle Identification Number to communicate with the user and to authenticate communications, and this number proved to be easy to reverse engineer. This allowed hackers to easily access the app.<ref>{{Cite web |title=Researchers Hack Nissan Leaf Remotely, Exposing Major Security Flaws in Car App |url=https://www.abijita.com/researchers-hack-nissan-leaf-remotely-exposing-major-security-flaws-in-car-app/ |url-status=live}}</ref><ref>{{Cite web |title=Hackers can access the Nissan Leaf via insecure APIs |url=https://www.csoonline.com/article/554905/hackers-can-access-the-nissan-leaf-via-insecure-apis.html |url-status=live |archive-url=http://web.archive.org/web/20231204030039/https://www.csoonline.com/article/554905/hackers-can-access-the-nissan-leaf-via-insecure-apis.html |archive-date=4 Dec 2023}}</ref><ref>{{Cite web |title=Critical Security Vulnerabilities Found in Nissan Leaf: Remote Hacking Demonstrated |url=https://www.security.land/critical-security-vulnerabilities-found-in-nissan-leaf-remote-hacking-demonstrated/ |url-status=live}}</ref><ref>{{Cite web |title=API Flaw Exposes Nissan LEAF Cars to Remote Attacks |url=https://www.show.it/en/api-flaw-exposes-nissan-leaf-cars-to-remote-attacks/ |url-status=live}}</ref>

Researchers at Black Hat Asia 2025 have found issues within the NissanConnectEV app, since it relied upon a Vehicle Identification Number to communicate with the user and to authenticate communications, and this number proved to be easy to reverse engineer. This allowed hackers to easily access the app.<ref>{{Cite web |title=Researchers Hack Nissan Leaf Remotely, Exposing Major Security Flaws in Car App |url=https://www.abijita.com/researchers-hack-nissan-leaf-remotely-exposing-major-security-flaws-in-car-app/ |url-status=live |archive-url=http://web.archive.org/web/20251018194523/https://www.abijita.com/researchers-hack-nissan-leaf-remotely-exposing-major-security-flaws-in-car-app/ |archive-date=18 Oct 2025}}</ref><ref>{{Cite web |title=Hackers can access the Nissan Leaf via insecure APIs |url=https://www.csoonline.com/article/554905/hackers-can-access-the-nissan-leaf-via-insecure-apis.html |url-status=live |archive-url=http://web.archive.org/web/20231204030039/https://www.csoonline.com/article/554905/hackers-can-access-the-nissan-leaf-via-insecure-apis.html |archive-date=4 Dec 2023}}</ref><ref>{{Cite web |title=Critical Security Vulnerabilities Found in Nissan Leaf: Remote Hacking Demonstrated |url=https://www.security.land/critical-security-vulnerabilities-found-in-nissan-leaf-remote-hacking-demonstrated/ |url-status=live}}</ref><ref>{{Cite web |title=API Flaw Exposes Nissan LEAF Cars to Remote Attacks |url=https://www.show.it/en/api-flaw-exposes-nissan-leaf-cars-to-remote-attacks/ |url-status=live}}</ref>

===Invasive data sharing===

In 2023, a report by the [[Mozilla|Mozilla Foundation]] found that Nissan, along with other major car manufacturers, were recording a large amount of customer data which were classed as a "privacy nightmare"<ref>{{Cite web |last=Caltrider |first=Jen |last2=Rykov |first2=Misha |last3=Zoë |first3=MacDonald |date=2023-09-06 |title=It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy |url=https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ |url-status=live |website=Mozilla Foundation}}</ref> for consumers. This report found that Nissan were collecting a very large amount of personal data with very little security information, and could record information about the customer's "sexual activity" as per their terms and conditions. Mozilla found Nissan to be the worst perpetrator in terms of data collection and privacy policies, only behind [[Tesla, Inc.|Tesla]] who was using driver data to train their autopilot AI feature. The report found all car companies to be breaching privacy rights of their customers, however Nissan's privacy policy stood out to researchers as one of the worst they investigated.

In 2023, a report by the [[Mozilla|Mozilla Foundation]] found that Nissan, along with other major car manufacturers, were recording a large amount of customer data which were classed as a "privacy nightmare"<ref>{{Cite web |last=Caltrider |first=Jen |last2=Rykov |first2=Misha |last3=Zoë |first3=MacDonald |date=2023-09-06 |title=It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy |url=https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ |url-status=live |website=Mozilla Foundation |archive-url=http://web.archive.org/web/20260127041610/https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ |archive-date=27 Jan 2026}}</ref> for consumers. This report found that Nissan were collecting a very large amount of personal data with very little security information, and could record information about the customer's "sexual activity" as per their terms and conditions. Mozilla found Nissan to be the worst perpetrator in terms of data collection and privacy policies, only behind [[Tesla, Inc.|Tesla]] who was using driver data to train their autopilot AI feature. The report found all car companies to be breaching privacy rights of their customers, however Nissan's privacy policy stood out to researchers as one of the worst they investigated.

==References==

[[Category:Nissan]]

@@ Line 52: / Line 52: @@
 ===Safety issues with the NissanConnect EV app===
-Researchers at Black Hat Asia 2025 have found issues within the NissanConnectEV app, since it relied upon a Vehicle Identification Number to communicate with the user and to authenticate communications, and this number proved to be easy to reverse engineer. This allowed hackers to easily access the app.<ref>{{Cite web |title=Researchers Hack Nissan Leaf Remotely, Exposing Major Security Flaws in Car App |url=https://www.abijita.com/researchers-hack-nissan-leaf-remotely-exposing-major-security-flaws-in-car-app/ |url-status=live}}</ref><ref>{{Cite web |title=Hackers can access the Nissan Leaf via insecure APIs |url=https://www.csoonline.com/article/554905/hackers-can-access-the-nissan-leaf-via-insecure-apis.html |url-status=live |archive-url=http://web.archive.org/web/20231204030039/https://www.csoonline.com/article/554905/hackers-can-access-the-nissan-leaf-via-insecure-apis.html |archive-date=4 Dec 2023}}</ref><ref>{{Cite web |title=Critical Security Vulnerabilities Found in Nissan Leaf: Remote Hacking Demonstrated |url=https://www.security.land/critical-security-vulnerabilities-found-in-nissan-leaf-remote-hacking-demonstrated/ |url-status=live}}</ref><ref>{{Cite web |title=API Flaw Exposes Nissan LEAF Cars to Remote Attacks |url=https://www.show.it/en/api-flaw-exposes-nissan-leaf-cars-to-remote-attacks/ |url-status=live}}</ref>
+Researchers at Black Hat Asia 2025 have found issues within the NissanConnectEV app, since it relied upon a Vehicle Identification Number to communicate with the user and to authenticate communications, and this number proved to be easy to reverse engineer. This allowed hackers to easily access the app.<ref>{{Cite web |title=Researchers Hack Nissan Leaf Remotely, Exposing Major Security Flaws in Car App |url=https://www.abijita.com/researchers-hack-nissan-leaf-remotely-exposing-major-security-flaws-in-car-app/ |url-status=live |archive-url=http://web.archive.org/web/20251018194523/https://www.abijita.com/researchers-hack-nissan-leaf-remotely-exposing-major-security-flaws-in-car-app/ |archive-date=18 Oct 2025}}</ref><ref>{{Cite web |title=Hackers can access the Nissan Leaf via insecure APIs |url=https://www.csoonline.com/article/554905/hackers-can-access-the-nissan-leaf-via-insecure-apis.html |url-status=live |archive-url=http://web.archive.org/web/20231204030039/https://www.csoonline.com/article/554905/hackers-can-access-the-nissan-leaf-via-insecure-apis.html |archive-date=4 Dec 2023}}</ref><ref>{{Cite web |title=Critical Security Vulnerabilities Found in Nissan Leaf: Remote Hacking Demonstrated |url=https://www.security.land/critical-security-vulnerabilities-found-in-nissan-leaf-remote-hacking-demonstrated/ |url-status=live}}</ref><ref>{{Cite web |title=API Flaw Exposes Nissan LEAF Cars to Remote Attacks |url=https://www.show.it/en/api-flaw-exposes-nissan-leaf-cars-to-remote-attacks/ |url-status=live}}</ref>
 ===Invasive data sharing===
-In 2023, a report by the [[Mozilla|Mozilla Foundation]] found that Nissan, along with other major car manufacturers, were recording a large amount of customer data which were classed as a "privacy nightmare"<ref>{{Cite web |last=Caltrider |first=Jen |last2=Rykov |first2=Misha |last3=Zoë |first3=MacDonald |date=2023-09-06 |title=It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy |url=https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ |url-status=live |website=Mozilla Foundation}}</ref> for consumers. This report found that Nissan were collecting a very large amount of personal data with very little security information, and could record information about the customer's "sexual activity" as per their terms and conditions. Mozilla found Nissan to be the worst perpetrator in terms of data collection and privacy policies, only behind [[Tesla, Inc.|Tesla]] who was using driver data to train their autopilot AI feature. The report found all car companies to be breaching privacy rights of their customers, however Nissan's privacy policy stood out to researchers as one of the worst they investigated.
+In 2023, a report by the [[Mozilla|Mozilla Foundation]] found that Nissan, along with other major car manufacturers, were recording a large amount of customer data which were classed as a "privacy nightmare"<ref>{{Cite web |last=Caltrider |first=Jen |last2=Rykov |first2=Misha |last3=Zoë |first3=MacDonald |date=2023-09-06 |title=It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy |url=https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ |url-status=live |website=Mozilla Foundation |archive-url=http://web.archive.org/web/20260127041610/https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ |archive-date=27 Jan 2026}}</ref> for consumers. This report found that Nissan were collecting a very large amount of personal data with very little security information, and could record information about the customer's "sexual activity" as per their terms and conditions. Mozilla found Nissan to be the worst perpetrator in terms of data collection and privacy policies, only behind [[Tesla, Inc.|Tesla]] who was using driver data to train their autopilot AI feature. The report found all car companies to be breaching privacy rights of their customers, however Nissan's privacy policy stood out to researchers as one of the worst they investigated.
 ==References==
 <references />
 [[Category:Nissan]]