Nissan Leaf – PCAutomotive, a leading provider of penetration testing, threat intelligence, and cybersecurity monitoring, unveil critical vulnerabilities in the Nissan Leaf’s connected systems at Black Hat Asia 2025 in Singapore.

Remote Exploitation of a Modern Vehicle

As automotive technology advances, modern vehicles integrate Wi-Fi, Bluetooth, USB connectivity, and cloud-based controls. While these innovations enhance the driving experience, they also introduce new security risks. PCAutomotive’s latest research reveals an attack chain capable of compromising the 2020 Nissan Leaf and controlling critical vehicle functions remotely. 

Key Findings of the Attack

The researchers identified a multi-stage attack chain that allows full remote control of essential vehicle components: 

Bluetooth Exploitation – Attackers infiltrated the vehicle’s internal network by exploiting vulnerabilities in its Bluetooth connectivity. 

Secure Boot Bypass – The team escalated privileges by bypassing secure boot protections, gaining deeper system access. 

Persistent Control via DNS C2 Channel – A Command and Control (C2) channel over DNS allowed attackers to maintain covert and persistent access to the vehicle. 

CAN Bus Manipulation – By exploiting a secondary communication CPU, the team gained access to the CAN bus, controlling mirrors, wipers, door locks, and even steering functions. 

“This research demonstrates how security gaps in connected vehicles can be remotely exploited, posing safety risks,” said Danila Parnishchev, Head of Security Assessment at PCAutomotive. “We hope our findings will help manufacturers to improve current and future vehicles.”

Industry-Wide Implications & Regulatory Considerations

The discovery highlights broader security concerns for automotive manufacturers, regulators, and consumers: 

Necessity of security testing – significant attack surface of modern vehicles demands comprehensive vulnerability assessment to protect from threats. 

Fleet & Consumer Risks – If exploited, attackers could disable security features, track vehicles, or manipulate controls remotely, impacting individual consumers, ride-sharing fleets, and corporate vehicle operators. 

“As cars become increasingly connected, manufacturers need to treat cybersecurity as a core safety component,” said Konstantin Matiukin, Head of Sales and Marketing at PCAutomotive. “Regulations like UNECE R155 and ISO 21434 set a framework, but proactive testing is essential to stay ahead of attackers.”

Has Nissan Responded?

Following responsible disclosure practices, PCAutomotive informed Nissan about the identified vulnerabilities prior to publication. Nissan has acknowledged our findings and provided their perspective on the matter. 

” The goal of our research is revealing and reporting sophisticated attack chains applicable to modern automotive solutions, thus contributing to proactive security approach in the industry. Constant security research also brings us new skills and experiences to offer high-quality on-demand product penetration testing services.” said  Danila Parnishchev, Head of Security Assessment at PCAutomotive.

Exclusive Interviews & Technical Insights

Journalists and industry professionals attending Black Hat Asia 2025 can: 

Join the briefing on April 4 to see a full technical breakdown of the attack. 

Request exclusive interviews (via email) with the leader of PCAutomotive’s research team for further insights. 

Meet PCAutomotive at our booth

We’re also exhibiting at Black Hat Asia from April 1-4 at Booth #513. 

Stop by to: 

Discuss our latest research 

 Learn about automotive penetration testing & threat intelligence 

 Connect with our experts  

For media inquiries, contact Kamilla Tóth, Marketing Director, PCAutomotive (k.toth@pcautomotive.com). 

About PCAutomotive

PCAutomotive is a cybersecurity company specializing in penetration testing, threat intelligence, and cybersecurity monitoring for automotive, financial services, energy, and manufacturing industries. Founded in 2019 and headquartered in Budapest, Hungary, PCAutomotive employs 30 cybersecurity experts focused on embedded devices, IoT systems, and connected infrastructure. 

 PCAutomotive works with leading brands to enhance the security of vehicles, ECUs, payment platforms, payment terminals, and other connected devices, including their infrastructure. Beyond cybersecurity assessment, PCAutomotive delivers threat intelligence and monitoring services, helping organizations mitigate cyber risks and stay ahead of attackers. 

In 2024, PCAutomotive expanded with regional sales offices in Madrid, Spain, and Munich, Germany, further supporting its global client base. 

For more information, visit: pcautomotive.com