Troy Hunt: Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs
holy crap. Nissan expose a public API authenticated _solely_ using the car’s VIN — which is more or less public info; the API allows turning on/off AC, grabbing driving history, etc.
(tags: security fail nissan leaf cars apis vin authentication)