Nissan: Difference between revisions

Line 54:

Researchers at Black Hat Asia 2025 have found issues within the NissanConnectEV app, since it relied upon a Vehicle Identification Number to communicate with the user and to authenticate communications, and this number proved to be easy to reverse engineer. This allowed hackers to easily access the app.<ref>{{Cite web |title=Researchers Hack Nissan Leaf Remotely, Exposing Major Security Flaws in Car App |url=https://www.abijita.com/researchers-hack-nissan-leaf-remotely-exposing-major-security-flaws-in-car-app/ |url-status=live}}</ref><ref>{{Cite web |title=Hackers can access the Nissan Leaf via insecure APIs |url=https://www.csoonline.com/article/554905/hackers-can-access-the-nissan-leaf-via-insecure-apis.html |url-status=live}}</ref><ref>{{Cite web |title=Critical Security Vulnerabilities Found in Nissan Leaf: Remote Hacking Demonstrated |url=https://www.security.land/critical-security-vulnerabilities-found-in-nissan-leaf-remote-hacking-demonstrated/ |url-status=live}}</ref><ref>{{Cite web |title=API Flaw Exposes Nissan LEAF Cars to Remote Attacks |url=https://www.show.it/en/api-flaw-exposes-nissan-leaf-cars-to-remote-attacks/ |url-status=live}}</ref>

=== Invasive data sharing ===

===Invasive data sharing===

~~User has~~ to ~~agree~~ to Nissan ~~gathering and selling various private information~~.

In 2023, a report by the [[Mozilla|Mozilla Foundation]] found that Nissan, along with other major car manufacturers, were recording a large amount of customer data which were classed as a "privacy nightmare"<ref>{{Cite web |last=Caltrider |first=Jen |last2=Rykov |first2=Misha |last3=Zoë |first3=MacDonald |date=2023-09-06 |title=It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy |url=https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ |url-status=live |website=Mozilla Foundation}}</ref> for consumers. This report found that Nissan were collecting a very large amount of personal data with very little security information, and could record information about the customer's "sexual activity" as per their terms and conditions. Mozilla found Nissan to be the worst perpetrator in terms of data collection and privacy policies, only behind [[Tesla, Inc.|Tesla]] who was using driver data to train their autopilot AI feature. The report found all car companies to be breaching privacy rights of their customers, however Nissan's privacy policy stood out to researchers as one of the worst they investigated.

==References==

[[Category:Nissan]]

@@ Line 54: / Line 54: @@
 Researchers at Black Hat Asia 2025 have found issues within the NissanConnectEV app, since it relied upon a Vehicle Identification Number to communicate with the user and to authenticate communications, and this number proved to be easy to reverse engineer. This allowed hackers to easily access the app.<ref>{{Cite web |title=Researchers Hack Nissan Leaf Remotely, Exposing Major Security Flaws in Car App |url=https://www.abijita.com/researchers-hack-nissan-leaf-remotely-exposing-major-security-flaws-in-car-app/ |url-status=live}}</ref><ref>{{Cite web |title=Hackers can access the Nissan Leaf via insecure APIs |url=https://www.csoonline.com/article/554905/hackers-can-access-the-nissan-leaf-via-insecure-apis.html |url-status=live}}</ref><ref>{{Cite web |title=Critical Security Vulnerabilities Found in Nissan Leaf: Remote Hacking Demonstrated |url=https://www.security.land/critical-security-vulnerabilities-found-in-nissan-leaf-remote-hacking-demonstrated/ |url-status=live}}</ref><ref>{{Cite web |title=API Flaw Exposes Nissan LEAF Cars to Remote Attacks |url=https://www.show.it/en/api-flaw-exposes-nissan-leaf-cars-to-remote-attacks/ |url-status=live}}</ref>
-=== Invasive data sharing ===
+===Invasive data sharing===
-User has to agree to Nissan gathering and selling various private information.
+In 2023, a report by the [[Mozilla|Mozilla Foundation]] found that Nissan, along with other major car manufacturers, were recording a large amount of customer data which were classed as a "privacy nightmare"<ref>{{Cite web |last=Caltrider |first=Jen |last2=Rykov |first2=Misha |last3=Zoë |first3=MacDonald |date=2023-09-06 |title=It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy |url=https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ |url-status=live |website=Mozilla Foundation}}</ref> for consumers. This report found that Nissan were collecting a very large amount of personal data with very little security information, and could record information about the customer's "sexual activity" as per their terms and conditions. Mozilla found Nissan to be the worst perpetrator in terms of data collection and privacy policies, only behind [[Tesla, Inc.|Tesla]] who was using driver data to train their autopilot AI feature. The report found all car companies to be breaching privacy rights of their customers, however Nissan's privacy policy stood out to researchers as one of the worst they investigated.
 ==References==
 <references />
 [[Category:Nissan]]