Security researchers Radu Motspan, Mikhail Evdokimov, and Polina Smirnova revealed critical vulnerabilities in the Nissan Leaf, allowing remote exploitation and full control of the vehicle. Their research, “Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet,” was presented in Singapore, detailing a step-by-step attack chain from Bluetooth exploitation to persistent access, data exfiltration, and lateral movement within the car’s systems.
Despite ethical disclosure attempts since 2023, Nissan has yet to fully address these flaws.
You Should Know: Practical Exploitation Steps & Mitigations
1. Bluetooth Low Energy (BLE) Exploitation
Attackers leverage weak BLE authentication to gain initial access.
Commands to Test BLE Security:
# Scan for BLE devices
sudo hcitool lescan
# Connect to the vulnerable BLE service (interactive GATT session)
gatttool -b <Nissan_Leaf_MAC> -I
2. Gaining Persistence via CAN Bus Injection
Once inside, attackers manipulate the Controller Area Network (CAN) to send malicious commands.
Example CAN Bus Tools:
# Install CAN utilities (Linux)
sudo apt install can-utils
# Monitor CAN traffic
candump can0
# Inject malicious CAN frames (cansend takes the frame as ID#DATA)
cansend can0 123#DEADBEEF
3. Data Exfiltration via OBD-II Port
The On-Board Diagnostics (OBD-II) port is abused to extract sensitive vehicle data.
Tool:
# Use obd2-cli to query the OBD-II adapter
obd2-cli -d /dev/ttyUSB0 --query "ATZ"
4. Lateral Movement via Infotainment System
The NissanConnect infotainment system acts as a pivot point.
Exploit Code Snippet (Metasploit):
use exploit/linux/http/nissan_leaf_rce
set RHOST <vehicle_ip>
exploit
5. Mitigation Steps
- Disable unnecessary Bluetooth/Wi-Fi.
- Physically secure the OBD-II port.
- Monitor CAN traffic for anomalies.
What Undercode Say
This research highlights the dangers of IoT in vehicles. Legacy automakers must adopt secure-by-design principles, including:
- Network Segmentation: Isolate critical CAN bus systems.
- Firmware Signing: Prevent unauthorized code execution.
- Continuous Pen-Testing: Proactively hunt for vulnerabilities.
Relevant Linux Commands for Defense:
# Bring up the CAN interface at the bus bitrate with triple sampling
# (this configures the interface for monitoring; it does not filter traffic by itself)
sudo ip link set can0 up type can bitrate 500000 triple-sampling on
# Raise the transmit queue length (the ifconfig equivalent is deprecated)
sudo ip link set can0 txqueuelen 1000
# Monitor kernel logs for CAN interface and SocketCAN messages
dmesg | grep -iE 'can[0-9]|socketcan'
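The commands above bring the interface up and capture traffic; they do not decide what is anomalous. The following script is an added example (not part of the original post and not code from the Nissan Leaf research) showing the "monitor CAN traffic for anomalies" mitigation in practice: it parses candump-style log lines, learns a per-ID baseline (payload lengths and peak frames per second) from known-good traffic, and then flags unknown arbitration IDs, payload-length changes, and rate spikes in a later capture. The CAN IDs, payloads and timestamps are constructed for the demo and do not correspond to any real Leaf signals; the `tolerance` factor is an assumed tuning parameter.

```python
import re
from collections import defaultdict

# candump -l log format: "(1700000000.000100) can0 123#DEADBEEF"
LINE_RE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]{3,8})#(?P<data>[0-9A-Fa-f]*)$"
)


def parse_frame(line):
    """Parse one candump log line into (timestamp, can_id, payload) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return float(m["ts"]), int(m["id"], 16), bytes.fromhex(m["data"])


def learn_baseline(lines, window=1.0):
    """Profile known-good traffic: for each CAN ID, the payload lengths seen and the
    peak number of frames observed in any `window`-second bucket."""
    buckets = defaultdict(lambda: defaultdict(int))  # id -> bucket -> frame count
    dlcs = defaultdict(set)                           # id -> payload lengths seen
    for line in lines:
        frame = parse_frame(line)
        if frame is None:
            continue
        ts, can_id, data = frame
        buckets[can_id][int(ts // window)] += 1
        dlcs[can_id].add(len(data))
    return {cid: {"peak_rate": max(b.values()), "dlcs": dlcs[cid]}
            for cid, b in buckets.items()}


def detect_anomalies(lines, baseline, window=1.0, tolerance=2.0):
    """Compare a capture against the baseline. Returns (reason, can_id, detail) tuples.
    A rate spike is reported once per ID and time bucket, when the count exceeds
    the learned peak rate times `tolerance` (assumed tuning value)."""
    findings = []
    counts = defaultdict(lambda: defaultdict(int))
    flagged = set()
    for line in lines:
        frame = parse_frame(line)
        if frame is None:
            continue
        ts, can_id, data = frame
        profile = baseline.get(can_id)
        if profile is None:
            # An ID never seen on the bus during baselining: typical of injected frames.
            findings.append(("unknown_id", can_id, f"{len(data)}-byte frame at {ts:.6f}"))
            continue
        if len(data) not in profile["dlcs"]:
            findings.append(("dlc_change", can_id,
                             f"len {len(data)} not in {sorted(profile['dlcs'])}"))
        bucket = int(ts // window)
        counts[can_id][bucket] += 1
        if (counts[can_id][bucket] > profile["peak_rate"] * tolerance
                and (can_id, bucket) not in flagged):
            # A legitimate ID sent far faster than usual: a flooding/override pattern.
            flagged.add((can_id, bucket))
            findings.append(("rate_spike", can_id,
                             f"{counts[can_id][bucket]} frames/window vs baseline peak "
                             f"{profile['peak_rate']}"))
    return findings


def _synthetic(can_id, payload_hex, t0, period, n):
    """Constructed candump-style lines for the demo (not a real capture)."""
    return [f"({t0 + i * period:.6f}) can0 {can_id:03X}#{payload_hex}" for i in range(n)]


# Constructed known-good traffic: 0x1D0 at 10 Hz (8 bytes), 0x2A0 at 5 Hz (4 bytes).
BASELINE_LOG = (_synthetic(0x1D0, "00" * 8, 1700000000.0, 0.1, 20)
                + _synthetic(0x2A0, "00" * 4, 1700000000.0, 0.2, 10))

# Constructed suspicious capture: normal 0x1D0, an unknown 0x123 frame,
# a 0x2A0 flood at 100 Hz, and a 0x1D0 frame with a truncated payload.
ATTACK_LOG = (_synthetic(0x1D0, "00" * 8, 1700000000.0, 0.1, 10)
              + ["(1700000000.250000) can0 123#DEADBEEF"]
              + _synthetic(0x2A0, "00" * 4, 1700000000.5, 0.01, 12)
              + ["(1700000000.950000) can0 1D0#0102"])


def run_demo():
    """Learn from the good capture and report findings on the suspicious one."""
    baseline = learn_baseline(BASELINE_LOG)
    return detect_anomalies(ATTACK_LOG, baseline)


if __name__ == "__main__":
    for reason, can_id, detail in run_demo():
        print(f"{reason:12s} id=0x{can_id:03X}  {detail}")
```

On a live system the same logic can be fed from `candump -l can0` output files or from a SocketCAN socket; the baseline should be learned from a capture taken with the vehicle in a known state, and the rate tolerance tuned per ID, since some periodic messages legitimately burst on events such as door or charge-port state changes.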
Windows Command for CAN Monitoring (with third-party tools):
# -like needs wildcards; "CAN" alone only matches a device named exactly "CAN"
Get-PnpDevice | Where-Object { $_.FriendlyName -like "*CAN*" }
Expected Output:
A hardened vehicle network with logged CAN anomalies and restricted attack surfaces.
For deeper analysis, review the full slides and PoC video.
Reported By: Alexrweyemamu Hacking – Hackers Feeds