A team of researchers at PCAutomotive revealed to Cyber Security News today that attackers could fully compromise second-generation Nissan Leaf EVs (2020 model) through a flaw in the infotainment system, enabling unprecedented remote control over critical vehicle functions.
The exploit chain, demonstrated at Black Hat Asia 2025, allows malicious actors to manipulate doors, mirrors, steering, and safety systems from anywhere with cellular connectivity.
The Attack Chain: From Bluetooth to CAN Bus
The intrusion begins by exploiting a stack buffer overflow vulnerability (CVE-2025-32059) in the Leaf’s Bluetooth Hands-Free Profile (HFP).
Attackers can trigger this flaw by sending malicious audio stream data to the vehicle’s infotainment system, requiring only temporary proximity to the target (e.g., parking lots or traffic stops).
Once initial access is achieved:
- Persistence Mechanism: The compromised system connects to attacker-controlled servers via the Leaf’s embedded cellular modem, embedding itself to survive reboots.
- Firewall Manipulation: Attackers disable critical iptables rules, enabling unrestricted external communication.
- CAN Bus Takeover: Researchers bypassed Nissan’s gateway filters by exploiting a stack overflow in the Renesas RH850 microcontroller, gaining raw CAN message transmission privileges.
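The "Firewall Manipulation" step above is detectable on the unit itself: a periodic comparison of the live `iptables-save` output against a known-good baseline flags any flipped chain policy, removed restriction or newly added permissive rule. The following is an added example, not code from the article, PCAutomotive or Nissan; the interface name `wwan0`, the address `203.0.113.10` and both rule sets are constructed placeholders for a hypothetical IVI unit, not the Leaf's actual firewall configuration.

```python
"""Detect tampering with an embedded Linux firewall by comparing an
iptables-save dump against a known-good baseline.

Added example (not from the article or PCAutomotive); the rule sets
below are constructed to illustrate the check and are not the Leaf's
actual firewall configuration."""

# Constructed known-good baseline for a hypothetical IVI unit: the
# cellular interface (wwan0 is an assumed name) may only reach one
# OEM update host over TLS; every other egress is dropped by policy.
BASELINE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o wwan0 -d 203.0.113.10 -p tcp --dport 443 -j ACCEPT
COMMIT
"""

# Constructed dump after the kind of manipulation the article describes:
# the OUTPUT policy was flipped to ACCEPT and the host restriction was
# replaced by a blanket allow, so the unit can reach any server.
TAMPERED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o wwan0 -j ACCEPT
COMMIT
"""


def parse_iptables_save(dump):
    """Return (policies, rules): each chain's default policy and the set
    of '-A' rule lines, ignoring packet counters and table markers."""
    policies = {}
    rules = set()
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):
            rules.add(line)
    return policies, rules


def detect_firewall_tampering(baseline, current):
    """Return a list of human-readable findings; an empty list means the
    live rule set still matches the baseline."""
    base_pol, base_rules = parse_iptables_save(baseline)
    cur_pol, cur_rules = parse_iptables_save(current)
    findings = []
    # A changed default policy is the loudest signal: DROP -> ACCEPT
    # opens everything the explicit rules do not cover.
    for chain, policy in base_pol.items():
        if cur_pol.get(chain) != policy:
            findings.append(f"policy {chain}: {policy} -> {cur_pol.get(chain)}")
    for rule in sorted(base_rules - cur_rules):
        findings.append(f"missing rule: {rule}")
    for rule in sorted(cur_rules - base_rules):
        findings.append(f"unexpected rule: {rule}")
    return findings


if __name__ == "__main__":
    # On a real unit the second argument would come from running
    # `iptables-save` and the baseline from signed, read-only storage.
    for finding in detect_firewall_tampering(BASELINE, TAMPERED):
        print(finding)
```

The baseline must live somewhere the attacker cannot rewrite alongside the rules (signed read-only storage, or a hash anchored in the secure boot chain); otherwise a post-exploitation script simply updates both. Running the comparison from a watchdog that can cut the cellular link when findings are non-empty turns the check from logging into containment.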
Capabilities Demonstrated
During live demonstrations, attackers remotely:
- Unlocked doors and rolled down windows
- Activated horns, headlights, and windshield wipers
- Folded/unfolded side mirrors
- Interfered with steering wheel positioning (steering manipulation required physical vehicle motion to trigger effects)
Attack Breakdown
- Bluetooth Protocol Flaws: The proprietary Bosch “Bluedragon” stack lacked modern memory protections (ASLR ineffective due to fixed library addresses).
- Insufficient CAN Filtering: Nissan’s gateway allowed unexpected message types to reach body control modules.
- Legacy Systems: The infotainment unit ran Linux 3.14 (released 2013) without kernel module signature enforcement.
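The "Insufficient CAN Filtering" point above comes down to the gateway's filtering model: a deny list forwards anything it has not been told about, while an allow list forwards only message IDs the infotainment domain has a legitimate reason to send, and only with the payload length each message is specified to carry. The following is an added example, not Nissan's or Bosch's gateway code; the arbitration IDs, payload lengths and traffic are constructed placeholders for a hypothetical vehicle and are not the Leaf's real CAN IDs.

```python
"""Contrast a deny-list CAN gateway with an allow-list gateway for
frames crossing from the infotainment (IVI) domain into the body
domain.

Added example, not Nissan's or Bosch's gateway code; every CAN ID and
payload length below is a constructed placeholder."""

from dataclasses import dataclass


@dataclass(frozen=True)
class CanFrame:
    arb_id: int   # 11-bit arbitration ID (classic CAN)
    data: bytes   # 0..8 bytes of payload


# Constructed policy: the only messages the IVI is specified to send
# toward the body domain, each with its exact expected payload length.
IVI_TO_BODY_ALLOWLIST = {
    0x3B0: 2,   # hypothetical: audio volume / mute status
    0x3B1: 1,   # hypothetical: display brightness request
}

# The weak model blocks only IDs someone already thought of.
IVI_TO_BODY_DENYLIST = {0x0C0}   # hypothetical: one diagnostic ID


def deny_list_gateway(frame):
    """Forward unless the ID is explicitly blocked (weak model)."""
    return frame.arb_id not in IVI_TO_BODY_DENYLIST


def allow_list_gateway(frame):
    """Forward only listed IDs carrying exactly the expected length."""
    expected_len = IVI_TO_BODY_ALLOWLIST.get(frame.arb_id)
    if expected_len is None:
        return False
    return len(frame.data) == expected_len


def filter_frames(gateway, frames):
    """Apply a gateway decision function and return the forwarded frames."""
    return [f for f in frames if gateway(f)]


# Constructed traffic: two legitimate frames, one ID the IVI has no
# business sending toward body control, and one listed ID with a
# malformed payload length.
TRAFFIC = [
    CanFrame(0x3B0, bytes([0x10, 0x00])),
    CanFrame(0x3B1, bytes([0x7F])),
    CanFrame(0x2D5, bytes([0x01, 0x00, 0x00])),           # hypothetical body-control ID
    CanFrame(0x3B0, bytes([0x10, 0x00, 0x00, 0x00])),     # wrong length for 0x3B0
]


if __name__ == "__main__":
    print("deny-list forwards :", [hex(f.arb_id) for f in filter_frames(deny_list_gateway, TRAFFIC)])
    print("allow-list forwards:", [hex(f.arb_id) for f in filter_frames(allow_list_gateway, TRAFFIC)])
```

The allow list is the model to aim for: a compromised IVI can then emit only the two message types it was ever allowed to, and even those only in their specified shape. In a production gateway the same table would also carry per-ID rate limits and, where the protocol provides them, counter and authentication-tag checks, so that a flood of well-formed frames is not forwarded either.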
PCAutomotive reported the flaws to Nissan in August 2023, but coordination challenges delayed patches. A spokesperson stated:
“We’re implementing over-the-air update capabilities and hardware revisions for future models. Current Leaf owners will receive dealership firmware updates by Q3 2025.”
This vulnerability highlights critical risks in automotive supply chains, particularly:
- Shared components (Bosch IVI units used across manufacturers)
- Legacy authentication in in-vehicle networks
- Cellular/Wi-Fi connectivity without robust firmware signing
For Leaf Owners:
- Disable Bluetooth when parked in public areas
- Contact dealerships about urgent ECU updates (NHTSA Reference #2025-LEAF-004)
- Monitor for unusual system behavior (e.g., mirror movements, unexpected warnings)
As vehicles become increasingly connected, this exploit serves as a stark reminder of the physical dangers associated with digital vulnerabilities. Regulatory bodies are now advocating for mandatory penetration testing standards similar to aviation safety protocols.
The post Nissan Leaf Vulnerability Exploited to Gain Control Over the Car Remotely appeared first on Cyber Security News.