Nissan EV app password reset prompts user panic
Looks like a functionality fail rather than a data breach, though
Nervous Nissan UK drivers were today assured by the car maker that Connect EV app log-in failures are related to a migration of data onto a new platform rather than anything more nefarious.
Customers contacted The Reg after receiving what one described as a slew of password resets and some speculated on the potential cause.
Nissan's UK arm denied that ongoing problems with its Connect EV electric car app were the result of any error, but claimed a rollout of a "new computer system" meant users had been asked to reset their passwords.
“There has been no data breach,” it said. “The data was simply migrated over to a new computer system and therefore customers have been asked to reset their passwords as a security protocol.”
Taxi drivers and socially conscious road users, among other Nissan owners, have been experiencing problems with the app for some time.
One who spoke to us ventured: “It’s looking a bit like they may have managed to expose a big pile of data they should not have done.”
The Reg notes there was no evidence of any such breach.
Over on Twitter, Nissan UK’s electric car tentacle was busy reassuring drivers that all was well.
Hi, recently, we made changes to website & APP protocols that caused unexpected disruption in access to the EV APP and intermittent login failures. We are currently working on resolving this and want to apologise to our customers for any inconvenience. ^AL — Nissan Electric UK (@NissanEV_UK) January 14, 2019
Hi Colin, we're aware that some customers are experiencing login problems. Have you downloaded the latest update from December 19th? If you have and you are still having problems logging in please contact our customer care team on 0330 123 1231 for help. ^AL — Nissan Electric UK (@NissanEV_UK) January 14, 2019
Not all were successful, however:
Yes, changed the Nissan+You password as requested by Nissan email, but since then can't log into Nissan Connect aka CarWings on web, or on app — 電気⚡️自動車 (Denki Jidousha) (@DenkiJidousha) January 14, 2019
The Nissan Connect app allows car owners to access third-party apps via the big dashboard display screen in more recent models. The EV version of the app allows ‘leccycar drivers to see time to full charge, driving range, time to flat battery and other useful car-related information.
Recent user reviews on Google Play (the Android app store) were scathing. Kelly Moses wrote on 13 January: “It is not possible to access any data or indeed even to log in, since the most recent update in Dec 18. The app has always been a little hit-and-miss, which is a great shame as it would otherwise be really useful.”
Similarly, Colin McAllister wrote on 12 January: “This app continually responds ‘This service cannot be provided. Please contact Nissan’. Nissan told me to change the country from ‘UK’ to ‘Japan’ because ‘The servers can get busy’. It's 7am on a Saturday morning - I don't believe UK servers are really under that much stress!”
Security researcher Scott Helme (who described issues with Nissan's EV API several years ago, as well as problems controlling his Nissan Leaf via Amazon Alexa) agreed, telling us:
"People will understandably be suspicious of a hack, but it's probably just bad handling from Nissan if we give them the benefit of the doubt. Upgrades like this really do not need users to reset passwords if done right. They also could have communicated this better to avoid people assuming something bad has happened."
Where possible explanations for a bad situation boil down to "cockup or conspiracy", we favour "cockup" every time - with good reason. ®