A group of European white hat hackers from the company Pcautomotive, based in Budapest, demonstrated how to remotely hack the 2020 Nissan Leaf electric car. The hacking included controlling the steering wheel while driving, tracking the car in real-time, recording conversations, and reading text messages of passengers using a homemade simulator assembled from parts purchased on eBay.
The study was presented at the Black Hat Asia 2025 in the form of a presentation, detailing the hacking process which involved simulating the car’s CAN bus and exploiting vulnerabilities in the Bluetooth protocol and the DNS C2 channel. The risks identified included weak network traffic filtering and the absence of a digital signature for loaded kernel modules.
Several vulnerabilities were disclosed, including bypassing the anti-theft system, intercepting updates, buffer overflow options for remote code execution, maintaining access to Wi-Fi networks, and exploiting an old vulnerability in the I.MX 6 processor.
The most concerning part of the attack was the remote control of the steering wheel, made possible by accessing the electronic steering system and circumventing logical isolation between CAN subnets. This allowed the researchers to send control signals intended for internal components through external interfaces.
Privacy breaches extended beyond monitoring car movements to gaining access to the multimedia system, enabling the hackers to play audio through the car’s speakers, access microphones, and view call logs.
All vulnerabilities were reported to the manufacturer between August 2023 and September 2024. The presentation emphasized that these hacking techniques expose systemic flaws in the design of modern “smart” cars, urging manufacturers to address these issues seriously.
While the study focused on an electric car, experts cautioned that similar vulnerabilities could exist in conventional cars with electronic control of steering, brakes, and accelerator systems.