This is a case study in why the misuse of identifiers can be a dangerous thing. Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs. <http://www.troyhunt.com/2016/02/controlling-vehicle-features-of-nissan.html> Thankfully Nissan removed the app because someone could access a set of controls in the Leaf because the NissanConnect app only required the vehicle identification number <https://en.wikipedia.org/wiki/Vehicle_identification_number> (VIN) for access, which meant access was not restricted to a car’s owner, rather anyone that could guess a VIN (or read it off of a Leaf dashboard). Luckily the app allowed access to a limited set of controls outside of when the car was running. Ross On Fri, Feb 26, 2016 at 7:50 AM, <Ingo.Friese@telekom.de> wrote:
Hello,
I hope you are all doing well. I’d like to remind you that our next IDoT-call is coming up today.
I’m looking forward to talking to you!
Best regards
Ingo
*Date and Time*
- Friday, January 26th, at 7am PT (time chart) <http://www.timeanddate.com/worldclock/fixedtime.html?msg=IDoT+Conf+Call&iso=20160226T07&p1=224&ah=1&am=00> - Voice: Skype: +99051000000481 or US +1-805-309-2350 / Alternate Toll +1 (714) 551-9842 (international dial-in lines <http://kantarainitiative.org/confluence/x/KYC_/>), room code 613-2898# - (Turbobridge call options <https://www.turbobridge.com/join.html>)
_______________________________________________ DG-IDoT mailing list DG-IDoT@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idot
-- Ross Foard (703) 728-1543 (cell) rfoard@gmail.com