Nissan LEAF Leaks Speed & Location To RSS Feed

Discussion in 'Nissan Hybrids and EVs' started by a_gray_prius, Jun 14, 2011.

  1. a_gray_prius

    a_gray_prius Rare Non-Old-Blowhard Priuschat Member

    Joined:
    Jun 13, 2008
    2,363
    394
    Chicago, IL
    Vehicle:
    2008 Prius
    Model:
    N/A
    Nissan LEAF CARWINGS tells any RSS feed provider your current position, speed, direction, destination, etc. « Casey Halverson

    and

    Security Breach? Nissan Leaf Shares Your Location & Speed

     
    1 person likes this.
  2. hill

    hill High Fiber Member

    Joined:
    Jun 23, 2005
    9,773
    1,671
    South OC So Cal & Nashville, TN
    Vehicle:
    2004 Prius
    Model:
    IV
    I suppose that means if you're cheating on S.O. - you'll have to turn the RSS feed off. It's no big deal to simply turn it off. Imaging that ... the media creating drama where there is none.
    :p
    On a positive spin, one might set up an RSS feed for family purposes ... get togethers / find out where everyone is en route to a meet up, etc.
     
  3. DarkStarPDX

    DarkStarPDX Junior Member

    Joined:
    Apr 19, 2011
    26
    8
    Hillsboro, Oregon, USA
    Vehicle:
    Other Non-Hybrid
    Model:
    N/A
    Fortunately there is no security problem. Every time you turn on the LEAF, a message is displayed asking if you consent to CARWINGS transmitting telemetry data over its service. You can choose "Yes" or "No." If you choose "No," when pulling up an RSS feed it will pop up the consent message again.

    I'm not sure where the problem is, but I think it's between the seat and steering wheel... :p
     
  4. cwerdna

    cwerdna Senior Member

    Joined:
    Sep 4, 2005
    12,369
    1,948
    SF Bay Area, CA
    Vehicle:
    2006 Prius
    I'm not sure if you're trying to be sarcastic, but I strongly disagree.

    Nissan ought to have UI along the lines of a checkbox for each RSS and text something like "send location". It should be off by default for each feed.

    Until this guy discovered it, this data was being silently leaked and potentially end up in web server logs all over the place. I used to run some web servers at work, so I've seen their log files.

    I haven't carefully read the CARWINGS message (since I don't own a Leaf), but this would almost akin to Safari on iPhone saying "Safari wishes to use your location. Yes/No", then you tapping Yes and then EVERY page you visit from that point on receiving your location as part of the GET that goes out.
     
  5. rainnw

    rainnw New Member

    Joined:
    Jun 21, 2011
    4
    1
    seattle
    Vehicle:
    Other Non-Hybrid
    Model:
    N/A
    Whether you care or not, location disclosure is becoming a hot legal issue in the united states. One thing that apparently irks the government and general public is location disclosure without informing the user.

    I also do not call "I give permission to Nissan to have access to my location data" the same as "..oh, and also, some random guy named casey with a blog". Last time I checked, I was not a partner of Nissan or have any official association with them.

    The hole is plugged....and the fact they were so quick to act was obvious that this flaw wouldn't bode well with whatever legal implications. Otherwise, they would have left it.