![Hackers turn Nissan LEAF into full-scale RC car, record drivers’ conversations [video]](https://the-future-automobile.com/wp-content/uploads/2025/05/nissan-leaf-hacked-860x450.png)
A team of skilled European cybersecurity experts leveraged their intellectual prowess, digital tools, and carefully sourced components from online marketplaces to commandeer a 2020 Nissan LEAF and breach numerous privacy and security protocols in the process.
The very best half: .
Researchers at PCAutomotive, a Budapest-based cybersecurity consultancy, have successfully exploited various vulnerabilities in a 2020 Nissan LEAF, enabling them to geolocate the vehicle, monitor conversations within it, record texts and phone calls, broadcast media through its speakers, and – most alarmingly – manipulate the steering wheel while the car was in motion. (!?)
What’s truly unsettling is the simplicity with which this hack unfolded, commencing with a “bench simulator” constructed from eBay components that exploited vulnerabilities in the LEAF’s DNS C2 channel and Bluetooth protocol.
The PCAutomotive team delivered a comprehensive 118-page presentation of their findings at Black Hat Asia 2025, and for those who may encounter issues with the original link, we’ve provided a backup on our page. As you delve deeper into this captivating realm, the most exciting aspects unfold around page 27. Between August 2, 2023, and September 12, 2024, all vulnerabilities were publicly disclosed to Nissan and its suppliers. The footage (116/118) appears to capture an incident of alleged assault, which is further documented in the accompanying video. Get pleasure from!
Abstract of vulnerabilities
- CVE-2025-32056 – Anti-Theft bypass
- CVE-2025-32057 – app_redbend: MiTM assault
- The vulnerability CVE-2025-32058 affects a specific version of the v850 software package and is characterized by a stack overflow occurring during the processing of CBR (Curve-Based Rendering) data. Further investigation reveals that this flaw arises from an insufficient buffer size allocated for storing intermediate results, ultimately leading to a buffer overflow condition.
- CVE-2025-32059: Stack Buffer Overflow Vulnerability Allows Remote Code Execution
- The Linux kernel’s absence of a kernel module signature verification allows untrusted kernel modules to be loaded, which could lead to arbitrary code execution.
- A critical vulnerability has been identified as CVE-2025-32061, characterized by a stack-based buffer overflow that enables remote code execution (RCE).
- A critical vulnerability has been identified, CVE-2025-32062, which leads to a stack buffer overflow, ultimately allowing remote code execution.
- A critical bug in a Nissan’s onboard computer! The revised text:
Unexpected CAN bus traffic patterns may compromise the security of site visitors filtering. This vulnerability allows unauthorized vehicles to bypass proper site visitor filtering, potentially leading to unmonitored and unchecked access to restricted areas. Immediate attention is required to prevent exploitation by malicious actors, which could have severe consequences for vehicle safety and occupants’ well-being.
- Can persistent Wi-Fi connections create a secure and reliable network?
The vulnerability CVE-2025-32063 affects the Wi-Fi community’s persistence, allowing attackers to gain unauthorized access and disrupt the network. This means that any device connected to this network is at risk of being compromised.
To prevent this, it is crucial to implement proper security measures such as strong passwords and regular software updates. Additionally, using a reputable VPN can provide an extra layer of protection.
The impact of CVE-2025-32063 goes beyond just compromising individual devices; it also has the potential to cause widespread disruption to critical infrastructure and systems that rely on these networks.
In conclusion, persistent Wi-Fi connections pose a significant threat if not properly secured.
-
PCA Nissan 012: Exploitation via CVE-2017-7932 vulnerability in the Hardware Abstraction Layer (HAL) of the iMX6 processor.
Distant exploitation of Nissan LEAF
Electrek’s Take
On the intense face, these posts excel at detailing how remote operators can “log in” to a vehicle and remotely guide it out of trouble when an unusual or extreme situation arises.
Sadly, such outlandish claims are typical of the uninformed anti-EV zealots who attempt to discredit electric vehicles by pointing to anecdotal evidence. While it’s true that EVs can be vulnerable to hacking, the reality is that nearly every modern vehicle equipped with advanced electronic systems – including electric power steering, digital throttles, and brake-by-wire technology – can potentially be compromised. Will be hacked with the same level of vulnerability. Here’s a revised version:
Keep in mind, youngsters: .
: black hat.
