Security researchers from PCAutomotive have uncovered serious vulnerabilities in the 2020 Nissan Leaf electric vehicle. During a presentation at Black Hat Asia 2025, the team demonstrated how these security flaws could be exploited to remotely hack the car, spy on occupants, and take control of various vehicle functions.

Comprehensive Security Breakdown

PCAutomotive, a firm specializing in penetration testing and threat analysis for the automotive and financial sectors, detailed their findings about the second-generation Nissan Leaf released in 2020. The vulnerabilities they discovered allowed attackers to exploit Bluetooth functions in the car’s infotainment system as an entry point to the vehicle’s internal network.

Privilege Escalation and Remote Access

According to the researchers, these vulnerabilities enabled:

  • Privilege escalation within the vehicle’s systems
  • Establishment of communication channels with control servers via cellular networks
  • Hidden and persistent remote access to the electric vehicle directly through the internet

Serious Privacy and Safety Implications

The security flaws exposed Nissan Leaf owners to significant risks. Potential attackers could:

  • Track the vehicle’s location in real time
  • Capture screenshots from the infotainment system
  • Record conversations taking place inside the cabin
  • Remotely control critical vehicle functions, including:
    • Door locks
    • Windshield wipers
    • Horn
    • Mirrors
    • Windows
    • Headlights
    • Steering wheel (even while the vehicle was in motion)

Vulnerability Disclosure Timeline

The security issues were serious enough to warrant eight separate CVE (Common Vulnerabilities and Exposures) identifiers, ranging from CVE-2025-32056 to CVE-2025-30263.

PCAutomotive researchers noted that the disclosure process was lengthy:

  • Initial vulnerability disclosure to Nissan: August 2023
  • Nissan’s confirmation of the issues: January 2024
  • CVE identifier assignment: Approximately one year after initial disclosure

Public Demonstration

To highlight the severity of their findings, the research team released a video demonstration showing how their exploits could be used to remotely hack a Nissan Leaf. This real-world proof-of-concept underscored the practical implications of the security flaws.

Nissan’s Response

In their official statement, Nissan declined to provide specific details about the vulnerabilities or their remediation measures, citing security concerns. However, the company emphasized its commitment to “continue developing and implementing technologies to combat cyber attacks for the safety and peace of mind of customers.”

Broader Industry Implications

This discovery highlights the growing cybersecurity challenges facing the automotive industry as vehicles become increasingly connected. Modern cars often contain dozens of electronic control units and various connectivity features that can potentially be exploited by malicious actors.

For Nissan Leaf owners, these findings serve as an important reminder about the need to keep vehicle software updated with the latest security patches. Industry experts recommend that Leaf owners contact their local Nissan dealership to ensure their vehicles have received all necessary security updates.

Author

Editorial Team
The Editorial Team at Security Land is composed of experienced professionals dedicated to delivering insightful analysis, breaking news, and expert perspectives on the ever-evolving threat landscape.
