Advertisement

Security Breach? Nissan Leaf Shares Your Location & Speed

Follow Richard

It might seem surprising in today's world of Facebook updates and Foursquare checkins, but people are still concerned about privacy. In fact, privacy concerns have resulted in major headaches (and lawsuits) for both Google and Apple in recent months, and we wouldn't be surprised if Anthony Weiner considered drafting a cease-and-desist letter to Twitter.

Now, an intrepid tinkerer has discovered yet another security issue -- and if you're a Nissan Leaf owner, it could be revealing your location (and speed!) to websites around the globe.

The issue stems from CARWINGS, the telematics system that Nissan devised for the Leaf. As we've previously mentioned, CARWINGS can do some very nifty stuff, like allow you to see how much charge is left in the EV's battery and compare your usage stats to those of other Leaf owners. CARWINGS also lets you keep up with news on the go via its built-in RSS reader -- and that's exactly where the security problem lies.

The technical stuff

Whenever you pull information from a server -- either as you're doing now, by accessing a website, or via RSS readers like Google Reader and, in this case, CARWINGS -- you have to tell that server a little about yourself. Included in that information is your IP address, which lets the server know where you are.

That's not necessarily a bad thing. For example, it allows some sites to customize news, weather, and ads, so they'll be more relevant to you. It can also provide crucial information for the police when tracking down criminals. (If this is news to you, you might enjoy a quick rundown of the HTTP request process.)

However, when Leaf owners use Nissan's RSS reader to access sites like CNN, the New York Times, or this one, CARWINGS supplies more information than usual -- a lot more. As the author of the "Casey Halverson" blog learned, CARWINGS provides the exact location of the vehicle -- latitude and longitude -- and even the speed at which the vehicle is traveling at the time of the request.

Rather than get bogged down in the technical details of this issue, it might be best to watch the author explain it on video:

At this point, there's no reason to believe that Nissan or RSS-feed providers are using the information from CARWINGS for illicit purposes. In fact, we could easily forsee a day in the not-so-distant future when this data might actually improve the driving experience by offering important news and updates, based on a vehicle's location. (What role speed might play remains a mystery.) But as we mentioned above, it invariably raises concerns about privacy -- especially since, as far as we can tell, there's no way to turn the feature off.

We'll keep digging and let you know what we find.

[SeattleWireless]

Advertisement
 
Follow Us

 

Have an opinion?

  • Posting indicates you have read this site's Privacy Policy and Terms of Use
  • Notify me when there are more comments
 

Have an opinion? Join the conversation!

Advertisement
Advertisement

Take Us With You!

 
Advertisement

Research New Cars

Go!

Related Used Listings

Browse used listings in your area.


 
© 2014 MotorAuthority. All Rights Reserved. MotorAuthority is published by High Gear Media. Stock photography by izmo, Inc. Send us feedback.