Hackers flip Nissan LEAF into full-scale RC automotive, report drivers’ conversations [video]

A group of white hat European hackers utilizing their brains, keyboards, and a few bits and baubles from eBay managed to take management of a 2020 Nissan LEAF and violate nearly each privateness and security regulation within the course of.

The perfect half: they recorded the entire thing.

Budapest-based cybersecurity consultants PCAutomotive have been capable of exploit various vulnerabilities in a 2020 Nissan LEAF that enabled the white hat group to geolocate and observe the automotive, report the texts and conversations taking place contained in the automotive, enjoying media again by way of the automotive’s audio system, and even (that is the genuinely terrifying harmful half) turning the steering wheel whereas the automotive was shifting. (!?)

Perhaps the scariest a part of this hack, nevertheless, is how seemingly straightforward it was to tug off by beginning with a “check bench simulator” constructed utilizing components from eBay and exploiting a vulnerability within the LEAF’s DNS C2 channel and Bluetooth protocol.

Commercial – scroll for extra content material

The PCAutomotive group gave a massively detailed 118-page presentation of their exploit at black hat Asia 2025, which we’ve included on the backside of this put up, in case the unique hyperlink goes useless. In the event you’re into that type of factor, the enjoyable stuff begins round web page 27. And, should you’re not, simply know that each one the vulnerabilities have been disclosed to Nissan and its suppliers between 02AUG2023 and 12SEP2024 (p. 116/118), and the “assault” itself could be seen within the video beneath that. Get pleasure from!

Abstract of vulnerabilities

• CVE-2025-32056 – Anti-Theft bypass
• CVE-2025-32057 – app_redbend: MiTM assault
• CVE-2025-32058 – v850: Stack Overflow in CBR processing
• CVE-2025-32059 – Stack buffer overflow resulting in RCE [0]
• CVE-2025-32060 – Absence of a kernel module signature verification
• CVE-2025-32061 – Stack buffer overflow resulting in RCE [1]
• CVE-2025-32062 – Stack buffer overflow resulting in RCE [2]
• PCA_NISSAN_009 – Improper visitors filtration between CAN buses
• CVE-2025-32063 – Persistence for Wi-Fi community
• PCA_NISSAN_012 – Persistence by way of CVE-2017-7932 in HAB of i.MX 6

Distant exploitation of Nissan LEAF

Electrek’s Take

That is a type of posts that, on the intense aspect, does an ideal job explaining how a distant operator can “log in” to a car and steer it out of hassle when a bizarre or edge-case-type state of affairs pops up.

Sadly, that is additionally a type of posts that a number of the extra clueless anti-EV hysterics will level to and say, “See!? EVs can get hacked!” However the actuality is that nearly any automotive with electrical energy steering (EPS), digital throttle controls, brake-by-wire, and many others. could be hacked in the same method. However, whereas steering a goal’s automotive into an oncoming semi may be a good way to tug off a covert CIA assassination, the extra worrying problem right here is the breach of privateness and recording – except you wish to spend a while in El Salvadoran jail, I assume.

Keep in mind, children: Huge Brother is watching you.

SOURCE | IMAGES: black hat, by way of Motorpasión.

In the event you’re contemplating going photo voltaic, it’s at all times a good suggestion to get quotes from just a few installers. To be sure you discover a trusted, dependable photo voltaic installer close to you that provides aggressive pricing, try EnergySage, a free service that makes it straightforward so that you can go photo voltaic. It has tons of of pre-vetted photo voltaic installers competing for your small business, making certain you get high-quality options and save 20-30% in comparison with going it alone. Plus, it’s free to make use of, and also you received’t get gross sales calls till you choose an installer and share your telephone quantity with them. 

Your customized photo voltaic quotes are straightforward to match on-line and also you’ll get entry to unbiased Vitality Advisors that will help you each step of the best way. Get began right here.