Nissan EV app password reset prompts user panic

Looks like a functionality fail rather than a data breach, though

Nissan Juke has a 1.6 Turbo
Don't want charging app woes? Get a proper engine in your wagon

Nervous Nissan UK drivers were today assured by the car maker that Connect EV app log-in failures are related to a migration of data onto a new platform rather than anything more nefarious.

Customers contacted The Reg after receiving what one described as a slew of password resets and some speculated on the potential cause.

Upgrades like this really do not need users to reset passwords if done right...

Nissan's UK arm denied that ongoing problems with its Connect EV electric car app were the result of any error, but claimed a roll out of a "new computer system' meant users had been asked to reset their passwords.

“There has been no data breach,” it said. “The data was simply migrated over to a new computer system and therefore customers have been asked to reset their passwords as a security protocol.”

Taxi drivers and socially conscious road users, among other Nissan owners, have been experiencing problems with the app for some time.

One who spoke to us ventured: “It’s looking a bit like they may have managed to expose a big pile of data they should not have done.”

The Reg notes there was no evidence of any such breach.

Over on Twitter, Nissan UK’s electric car tentacle was busy reassuring drivers that all was well.

Not all were successful, however:

The Nissan Connect app allows car owners to access third-party apps via the big dashboard display screen in more recent models. The EV version of the app allows ‘leccycar drivers to see time to full charge, driving range, time to flat battery and other useful car-related information.

Recent user reviews on Google Play (the Android app store) were scathing. Kelly Moses wrote on 13 January: “It is not possible to access any data or indeed even to log in, since the most recent update in Dec 18. The app has always been a little hit-and-miss, which is a great shame as it would otherwise be really useful.”

Similarly, Colin McAllister wrote on 12 January: “This app continually responds ‘This service cannot be provided. Please contact Nissan’. Nissan told me to change the country from ‘UK’ to ‘Japan’ because ‘The servers can get busy’. It's 7am on a Saturday morning - I don't believe UK servers are really under that much stress!”

Security researcher Scott Helme (who described issues with Nissan's EV API several years ago, as well as problems controlling his Nissan Leaf via Amazon Alexa) agreed, telling us:

"People will understandably be suspicious of a hack, but it's probably just bad handling from Nissan if we give them the benefit of the doubt. Upgrades like this really do not need users to reset passwords if done right. They also could have communicated this better to avoid people assuming something bad has happened."

Where possible explanations for a bad situation boil down to "cockup or conspiracy", we favour "cockup" every time - with good reason. ®

Sponsored: Balancing consumerization and corporate control




Biting the hand that feeds IT © 1998–2019