Nissan LEAF Leaks Speed & Location To RSS Feed

thecarchik writes "An intrepid tinkerer has discovered yet another security issue with the Nissan Leaf: it could be revealing your location and speed to websites around the globe. The issue stems from CARWINGS, the telematics system that Nissan devised for the Leaf. '... when Leaf owners use Nissan's RSS reader to access sites like CNN, the New York Times, or this one, CARWINGS supplies ... the exact location of the vehicle — latitude and longitude — and even the speed at which the vehicle is traveling at the time of the request.'"

Law enforcement will love that

[Anonymous Coward]

"xxxxxxxx is going 95mph while reading CNN. He is at xxxxx,xxxxx. Wonderful!

Re:

[Jim_Maryland]

I can see where it could be abused, but maybe the original intent was to interact with traffic services so people could build better traffic reports (i.e. traffic on route X moving at 15 MPH, recommend alternative route Y moving at 45 MPH).

Re:

[Culture20]

Original intent be damned! Since anyone can see how it can be easily abused, it needs revision or needs never exist.

Re:

[Jim_Maryland]

I agree that it needs revised or removed. I just doubt that the first thought of the Nissan engineers was "how can we invade the privacy of our customers".

Re:

[Midnight Thunder]

But was it the driver or the passenger.

Re:

[michelcolman]

Yes, maybe the driver was only doing 55 mph.

So ...

[WrongSizeGlass]

So Nissan's LEAF is just a driveable iOS device? ;-)

Re:

[jo_ham]

Well, it precisely tracks the *actual* device location rather than random sources of EM around it, so no ;-)

It also sends that data out, unlike iOS, so maybe it's more like Android - can you opt out on the Leaf?

(note non-seriousness and winky smiley, just to be 100% crystal clear to any hot button mods).

Re:

[AmiMoJo]

I think Safari on iOS at least asks if you want to share your location with a web site. The Android browser certainly does. It seems like they just enabled it by default, a bit like when Microsoft enabled ActiveX in IE by default. It's shocking that they were capable of making an in-car computer system but not clued up enough to avoid making mistakes that were embarrassing in the 90s.

Re:

[GameboyRMH]

The Nissan GTR is actually a much better example of a driveable iOS device. You can't mod it or drive it fast outside of a Nissan-approved track.

What if I'm reading a porn RSS feed?

[bigjocker]

Porn site RSS log:

speed: 60 mph
speed: 40 mph
speed: 60 mph
speed: 40 mph
speed: 60 mph
speed: 40 mph
speed: 60 mph
speed: 40 mph
speed: 60 mph
speed: 100 mph
speed: 0 mph
connection lost

Re:

[jdastrup]

100 mph in a LEAF? You are funny.

Re:

[chill]

No, that 100 MPH to 0 MPH wasn't a car crash, it was draining the battery in 10 seconds and coasting to a stop.

Re:

[_Sprocket_]

100 mph in a LEAF? You are funny.

I suspect that's where he lost control and went over the guardrail.

Re:

[adolf]

100 mph in a LEAF? You are funny.

I suspect that's where he lost control and went over the guardrail.

You mean...like this [youtube.com]?

(Humor and taste are sometimes mutually exclusive, and sometimes, neither of them works very well.)

Re:

[_Sprocket_]

No - less "this car is out of control" and more "this car is accelerating beyond normal capable speed with the help of gravity." Of course, explaining the joke kind ruins the fun but your way is good too.

Re:

[MichaelSmith]

You can go very fast in a short time by pointing things downwards...

Nisaan Leaf violates the laws of physics

[CajunArson]

the exact location of the vehicle â" latitude and longitude â" and even the speed at which the vehicle is traveling at the time of the request.

Heisenberg says NEIN!

Re:

[Konsalik]

Wish I had points to mod up. Just made my day!

Re:

[Anonymous Coward]

The Leaf has Heisenberg compensators.

Re:

[Chrisq]

Nisaan Leaf violates the laws of physics

The Leaf has Heisenberg compensators.

You cannot break the laws of physics. The dilithiam crystals 'll never take it captain.

Re:

[michelcolman]

That reminds me of the Ferrari model shown on Top Gear some time ago, where the display behind the steering wheel could either display the speedometer or the GPS map, but not both. So you could see where you were but not how fast you were going, or the other way around. Now that's a car that got its physics right!

MPG?

[cpu6502]

This is a random question, but I can't find the answer so I figured someone here might know:

What is the Leaf's gasoline MPG? Not the combined MPG, but the MPG if the battery was completely dead and you ran the car on gasoline power?

I own a Honda Insight (70MPG) and have driven the Civic Hybrid (51mpg), which are basically pure gasoline cars (no EV mode), so I'm curious how the leaf compares.

Re:

[Jah-Wren Ryel]

What is the Leaf's gasoline MPG? Not the combined MPG, but the MPG if the battery was completely dead and you ran the car on gasoline power?

Zero. You may be thinking of the Chevy Volt.

The Leaf is pure electric, range of 100 miles per charge, or if you drive like I do, more like 50 miles per charge.

Re:

[RoFLKOPTr]

range of 100 miles per charge

THAT'S IT? For a car that costs over $30,000? I would not be able to drive to work and back on that. No wonder the lady at work that just got a Leaf needed to install a charging station there.

Re:

[YrWrstNtmr]

THAT'S IT? For a car that costs over $30,000? I would not be able to drive to work and back on that.

You are not the target audience. I live close enough to mostly make it work.
But I have no garage to install the charger thingy, just a carport. A 110v extension cord does not cut it.
So apparently I am not in the target zone either. I wonder how many people actually are?

Re:

[dudpixel]

Consider it a (working) proof-of-concept for now, and once the charging stations start popping up everywhere, expect a lot of development in this area.

Although if they start using technology to track location and speed, expect it to die very quickly.

Re:

[MichaelSmith]

Whats it like to drive?

Re:

[GameboyRMH]

I'd imagine it's boring and a bit slow, but comfortable, like any other modern car.

Re:

[DamnStupidElf]

So, how's that ~4 gallon commute working out for you? Economically and environmentally sustainable, is it?

Re:

[RoFLKOPTr]

So, how's that ~4 gallon commute working out for you? Economically and environmentally sustainable, is it?

Absolutely, or I wouldn't be doing it.

Re:

[Beyond_GoodandEvil]

Since the Leaf has a highway speeds range of closer to 50 miles, and a propely tuned turbo diesel can get that in 1 gallon of gas, it is supremely possible that previous poster could be running biodiesel and actually be more environmentally sustainable then you and your smug ass. And if it isn't economically sustainable, unless the previous poster is a bank or a local govt, they'll change their behavior. But you will probably still be a douche.

Re:

[AK Marc]

8 minutes for $16? That's $2 per minute. At 2080 work hours a year, that's about $250,000 per year. I don't think you are anywhere near average, and would be somewhere in the top 5% of wage earners (and not the bottom of that top 5%).

Re:

[GameboyRMH]

He gets his plumbing done by Joe the Plumber :D

Re:

[JasterBobaMereel]

Sorry If you live more than 50 miles from work then why are you travelling by car at all ...?

Unless you are out in the sticks any other means of transport has to be cheaper, even moving closer to work would save you a fortune ?

Re:

[RoFLKOPTr]

Sorry If you live more than 50 miles from work then why are you travelling by car at all ...?

Unless you are out in the sticks any other means of transport has to be cheaper, even moving closer to work would save you a fortune ?

Unfortunately, not around here. I work in San Francisco and live in the North Bay. The bus would cost over $20/day and I would have to leave an hour and a half earlier than by car. There is no train up here. The ferry wouldn't get me where I need to go. And if you want to move, the closer you get to San Francisco the more ridiculously expensive it is to live.

Re:

[JasterBobaMereel]

Ah the joys of a sprawling city with poor public transport ...

Re:

[GameboyRMH]

Wow, you live pretty far from work. I could nearly drive a Leaf around for a week on a single charge.

Re:

[RoFLKOPTr]

The construction industry does that to you. You have to go where there's work. It doesn't come to you, unfortunately.

Re:

[mattack2]

BTW, I am against subsidies, but there are federal and (some) state subsidies that greatly lower the cost to the consumer.

(Yes.. at the cost to the rest of the taxpayers, that's why I'm against subsidies.. but would take advantage of them while they're in place.)

Re:

[Chrisq]

off-topic but holy shit dude, you live 50mi+ from your work? Why?!

Seriously it happens. We have a guy in our office who commutes 60 miles each way, taking nearly two hours twice a day. He was made redundant in his previous job. It took him six months to find this position, during which he worked on a couple of contracts 250 miles from home (away every week) He has kids who will be going through their final school exams in the next two years - moving schools would be very disruptive at this point. It is unlikely that he will get another job near his home - in a largely rur

Re:

[drinkypoo]

He has kids who will be going through their final school exams in the next two years - moving schools would be very disruptive at this point.

So is driving a hundred miles every day.

I don't have any easy answers for people with kids, but they made their bed and now we should have to lie in it? It's easy for me to talk because I don't have kids, but that was a choice. I don't get a say in whether you are burning up a bunch of fuel to get to a job that the world would probably be better off without anyway, statistically. Especially if it's a government job.

Re:

[mattack2]

Since you say "taking nearly two hours twice a day", it sounds like you mean he runs into a lot of traffic.

So if he had a car charger at work, he could use a LEAF too, since it easily will get him *to* work. My traffic comment means that the car isn't just wasting energy (idling with gas) while stuck in traffic.

Re:

[danhuby]

It's 100% electric. You can't run it on petrol.

Re:

[MichaelSmith]

To answer the question you could charge it from a petrol powered generator.

Re:

[mattack2]

However, even all electric vehicles display MPGE, so that one can make a reasonable comparison between energy efficiency in different vehicles.

Re:

[cpu6502]

Never mind!

Stupid me - I thought the Leaf was a hybrid car like the Chevy Volt (40 mpg). Ooops.

Re:

[UdoKeir]

There is no gasoline engine. It's all-electric. http://en.wikipedia.org/wiki/Nissan_Leaf [wikipedia.org]

Re:

[0100010001010011]

0. It doesn't have a gasoline engine. It's not a hybrid.

Re:

[spitzak]

No it is zero. The leaf would travel zero miles even if provided with 1 gallon of gas. 0/1 is zero.

Re:

[Ossifer]

+Inf. 100 miles / 0 gallons.

Re:

[Ossifer]

He's got an original Insight, the weird looking ones with the narrower rear axle, and the original MPG rating, before the EPA changed how Hybrids' ratings were calculated.

Re:

[SBrach]

The prius was being driven "all out" the whole time, while the bmw matched the speed of the prius. FTFY

WTF?

[boristdog]

Why is a car reading RSS feeds?

Re:

[SerpentMage]

THat is what I was thinking! I thought we were supposed to avoid driver distraction.

Re:

[Thing 1]

"You can't make an RSS reader out of a car."
"No," said Samuel, "but you can make very crashy car."

Re:

[camperdave]

Why shouldn't it? How is the car supposed to find out about road closures, traffic conditions, etc?

Re:

[treeves]

It gets bored while waiting at red lights?
Automatically updating its drivers? Ba-dum ching!

Re:

[blair1q]

Broadcast power. [borderlands.com]

Re:

[R3d M3rcury]

On the Internet, no one knows you're a car.

Re:

[cbiltcliffe]

They do when you tell them you're on a highway doing 60 mph....

Re:

[harmonise]

Why is a car reading RSS feeds?

The radio has an RSS reader with text-to-speech. You can tune into an RSS feed just as you would a radio station and it will read the stories to you one by one. A friend of mine owns a Leaf. I rode in it last month and he was showing off this feature. It was pretty cool to cruise down the highway listening to LWN.net stories.

Leak?

[amicusNYCL]

Where's the leak? According to the data I see in the article this feature looks like it's specifically designed in. It's not "leaking" anything, it's specifically disseminating that information.

Re:

[NFN_NLN]

Where's the leak? According to the data I see in the article this feature looks like it's specifically designed in. It's not "leaking" anything, it's specifically disseminating that information.

It's not a leak, that's just the way it was designed. Similar to a condom with a hole in it.

Wait, that's inseminating not disseminating, never mind.

RSS Reader?

[SerpentMage]

Ok here is my question, why on earth does a car have an RSS reader? I thought the idea was to avoid crashes and avoid driver distraction?

Re:

[Jah-Wren Ryel]

Ok here is my question, why on earth does a car have an RSS reader? I thought the idea was to avoid crashes and avoid driver distraction?

Its surely for behind-the-scenes stuff like traffic and weather updates for the GPS, firmware patches, etc. RSS is functional enough for automated "push" distribution.

Re:

[blair1q]

http://www.nissan-global.com/EN/ENVIRONMENT/SOCIAL/CARWINGS/ [nissan-global.com]

the car uses realtime traffic data to do GPS route creation

there's also some weird stuff about comparing fuel economy with other car owners. something hypermilers have to do manually. of course, there's the question of why an all-electric car gives a fuck about fuel economy...

Re:

[Thing 1]

"My driver's foot is heavier. I'll activate the ejector seat so I can compete with you."

Re:

[NewWorldDan]

of course, there's the question of why an all-electric car gives a fuck about fuel economy...

The battery economy of an electric car is highly variable depending on driving conditions. From an engineering perspective, there is just no substitue for massive amounts of data from actual field use. Also, hypermilers are OCD douchebags who really like to feel smug about their driving habits.

Re:

[harmonise]

The radio has an RSS reader with text-to-speech and will read stories aloud while you drive.

Another good use for a GPS jammer

[Kernel Kurtz]

to protect against the increasingly likely future that your car will routinely spy on you, either through simple complacency, or outright legislation.

Enables route-specific feeds

[danhuby]

Probably to allow RSS feeds specific to your journey - for example 'travel issues affecting my journey', or 'coffee shops en route'.

The oversight is that it isn't asking before sending that information.

What if you take the SIM card out?

[Jah-Wren Ryel]

The LEAF has a SIM card to do its stuff wirelessly. What happens if you take the SIM out? Will it just queue up all the tracking info and upload it as soon as it gets reconnected, or is it a shoot-and-forget thing where the local copy gets binned regardless of if the transmission was successful or not?

I've been looking at the LEAF (and Tesla's line-up, yes I know the prices are vastly different, that's not an issue for me) and the whole "phone home" thing is a deal-breaker. I won't buy a car with OnStar or the equivalent unless I can be 100% sure that it is disabled. I don't need that level of hand-holding and I won't spend my money in support of such a product unless it has a 100% provable "off switch."

Re:

[timeOday]

I think we need a law to compel full disclosure on what is transmitted, and what is collected/stored in the car. The free market can't work without information.

Re:

[idontgno]

The free market can't work without information.

Well, first things first. Let's get that "free market" thingie working, and then we'll worry about information.

Re:

[guruevi]

Usually those things are pretty easy to disable. OnStar's system sits in a module in known locations which you can simply unplug the power or antenna to (a screwdriver, ratchet and a bit of manhandling may be required). I don't know about the LEAF system but I know Saab had a SIM-card based system which you could remove with a bent paperclip and when you took it out it just didn't do anything, queuing up any of that data would be useless. You could also reset the system before ever activating it again.

At th

Re:

[blair1q]

You used to be able to disable OnStar just by not paying the exhorbitant fee for it.

Re:

[Cro Magnon]

Is it disabled? I assumed that they still tracked you. They just wouldn't unlock your car or tell you where you were when you got lost.

Re:What if you take the SIM card out?

[Black Gold Alchemist]

It might be time for a classic electric RAV4. They do everything a LEAF does and can be had for prices similar to a LEAF (now a bit lower) with out the spy stuff. They have virtually indestructible batteries. Sadly, I can't afford one.

Re:

[GameboyRMH]

If I had the money I'd buy a Tesla Roadster, it's a very good sports car, and imagine the look on Corvette owners' faces when you pull away from them in a straight line! :D If you need the seats their new sedan is good too. The Leaf's a decent grocery-getter, but that's all it is. A boring commuter. Not even good looking, mildly sporty or luxurious, like Tesla's sedan.

Re:

[Jah-Wren Ryel]

No, I want something that makes uses of the massive over-capacity of solar-panels I installed on my roof. My intent was to use the excess to power my car rather than sell it back to the electric co at wholesale rates.

Re:

[Jah-Wren Ryel]

I have difficulting believing a car lover ...

What gave you that idea?

I can think of neater things to do with power, like making the entire home wireless.

Uh I don't really give a damn about how its transmitted around my house, I care about how it is consumed.

Re:

[GameboyRMH]

I have difficulting believing a car lover could be satisfied with anything less than internal combustion.

It's mostly old-school and muscle-car guys who have that mindset. Yeah you'll miss the noise, but the convenience, low maintenance and crushing acceleration on sporty models make up for it.

Re:

[Chrisq]

There are others you can buy but Nissan tries like hell to invalidate your warranty if you don't use their blessed charger installed by their holy electrician.

Ah the one that worked on the pope-mobile

Re:

[leenks]

They aren't clean though. I live in the UK with a VW using the same engine, and here it is considered a luxury higher performance engine. If you care more about "clean" you go for the blue motion - that isn't clean either though.

Re:

[Jah-Wren Ryel]

If you remove the SIM card from the vehicle, it will not "start," in that the vehicle will not shift from Park unless the SIM card is installed.

Wow. That is some suck. Will it run with a dummy card in place?

Re:

[cbiltcliffe]

a large group of Nissan employees show up in a micro van and pummel you for 2 hours with Domo-kun dolls or until you submit and put the card back in.

But how do they know where to find you to beat you up, if you've pulled the SIM card from the car? Unless you're a dumbass, and pull the card while your car is sitting in your driveway at home.

If the card can be accessed while driving, even by a passenger, then pull it while you're one the freeway with your foot to the floor. That way you can avoid the ninja sqaud, and with any luck, they'll also think the car blew up....
If it's under the hood, or somewhere like that, pull over on the freeway after drivin

No security risk

[arisvega]

It is a feature.

As cars get more tech...

[SuperCharlie]

I appreciate my 72 Ford F100 more every day. Thank God I work from home and only need it to haul things every once ina while. Yes, the mileage is hideous, but being able to wrench around on it without a batcave of scopes an electronics as well as the lack of tracking/gps/logs etc is priceless.

Re:

[Ossifer]

And people who like to breathe will never tailgate you!

Re:

[Anonymous Coward]

if the socialists would stop placing tracking electronics in modern more efficient cars people would have one less reason to avoid them.

Re:

[drinkypoo]

I have a 1982 Mercedes Diesel sedan with over 200k on it and it barely smokes. I had a 1981 before it that smoked like a mad bastard (the guy who sold it to me is a lying sack of shit. he's my ex's uncle. his family owns a marina and a supermarket in town. this seems to be a theme in my life. the owner of hahn automotive sold me a travel trailer and made false claims, I guess I shoulda got 'em on paper.) This one actually smoked a lot too until I deleted the nonfunctional EGR, now it runs better and smokes

Re:

[Ossifer]

While there are some individual cases of older cars (not trucks) having pretty good emissions, anything older than 10 years will not have anything close to the emissions standards new cars have. The '72 Ford F-150 most certainly has a diesel or leaded gasoline, probably the latter. This truck is 40 years old. This means a carburetor that needs frequent tuning (possible) and no catalytic converter at all.

It's not solely the exhaust you see and/or smell, but also the exhaust you don't.

The plain fact that th

Re:

[Inda]

I appreciate my Honda Jazz. Eight years old and only a single gearbox sensor has gone wrong. You have to love modern cars that don't need reparing throughout their normal lifespan.

With a little shell script

[craighansen]

One could spoof Carwings as a Nissan Leaf doing laps around all police stations at Mach 0.99. Sweet. And that'll play hell with the platinum ratings, especially as the battery condition will be charging instead of discharging.

Re:

[0123456]

Nissan should seriously consider a package without the GSM radio, carwings..etc... some people who would otherwise purchase a leaf may be disinclined to do so due to all the creepy unecessary features.

But they probably make at least a 50% profit margin on those 'creepy unnecessary features'.

Re:

[blair1q]

Like putting a swimming pool in your backyard, adding a feature that attracts one customer but drives away another gives you net zero increase in resale price.

Re:

[CohibaVancouver]

I don't want to "compare my mileage against that of other Leaf owners". What is this, the 8th grade locker room? No idea what information about the speed of your vehicle could be used for?

My sister is considering a Leaf, so I've been reading up on it. In a nutshell, all this 'telematics' is about crowdsourcing performance data on the car, so Nissan (and others) can get an accurate sense of battery life and other performance factors under a variety of conditions over the lifespan of the vehicles. So

Re:I own one of these...

[n2rjt]

And the vehicle NAV screen displays an annoying message EVERY SINGLE TIME you start the car, explaining that it will be transmitting your location data and requires you to press a button on the screen to "agree" or "disagree." I assume if you disagree it won't send anything.

Mod parent up.
The LEAF has an RSS reader that reads (text to speech) the selected feed. I don't have any idea why they provide the location data to RSS feeds, but it is an opt-in system.

Re:

[SleazyRidr]

They don't follow the usual EULA approach and just not start the car if you don't agree? I find that quite impressive.