
Remote Hack Exposes Full-Control Flaws in 2020 Nissan Leaf

Security researchers have demonstrated a remote-code-execution attack that lets hackers seize complete control of 2020-model Nissan Leaf electric vehicles, turning them into rolling surveillance devices with little more than a Bluetooth-jamming trick and a string of unpatched bugs. The proof-of-concept was unveiled this week at Black Hat Asia 2025 and is now detailed in public advisories.

How the Attack Works

The exploit starts with a brief 2.4 GHz radio-frequency jam that forces the Leaf’s infotainment system to drop its Bluetooth connection. When drivers open the connectivity menu to re-pair their phones, malicious code slips in, penetrates the head unit, and pivots to the car’s CAN gateway. From there, attackers can:

  • Steer, brake and accelerate the vehicle

  • Toggle doors, windows, lights, wipers and mirrors

  • Record in-cabin conversations via the hands-free microphone

  • Track and exfiltrate live GPS data

Researchers catalogued eight CVEs (CVE-2025-32056 through CVE-2025-32063) plus two Nissan-specific flaws that together allow privilege escalation, kernel-module loading and long-term persistence, even after the car is switched off.

Limited Scope—but Serious Privacy Stakes

Because the vulnerability chain affects only the 2020 Leaf (model code ZE1), the immediate road-safety risk is relatively contained. Remote driving without line-of-sight is impractical, but covert eavesdropping and location tracking remain real threats, especially for high-value targets.

Nissan’s Response

Nissan was notified under coordinated disclosure in late 2023 and has since issued an over-the-air firmware patch. A company spokesperson said the automaker will “continue to roll out technologies to combat increasingly sophisticated cyber-attacks.”

What Owners Should Do

  • Check your software version: Update the infotainment unit via Wi-Fi or at a dealership.

  • Disable passive Bluetooth pairing: Keep Bluetooth off when not in use until patched.

  • Monitor recalls and service bulletins: Ensure any telematics or gateway updates are installed.

Bigger Picture: Cars Are the New Network Edge

The Leaf hack underscores a widening attack surface as vehicles add always-on connectivity, third-party apps and semi-autonomous features. Industry analysts warn that automakers must adopt “secure-by-design” principles—signed firmware, strict network segmentation and real-time anomaly detection—to keep pace with well-funded adversaries.

For now, the 2020 Nissan Leaf serves as a cautionary tale: when your daily commute depends on code, a routine software update can be as vital as a seatbelt.
