Resources
Stay up to date with the latest PCAutomotive news and events, explore our webinars, and study our expert research.
We highlight the most important and valuable trends in the automotive security industry
2025-04-01
Black Hat Asia 2025, Singapore
Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet
PCAutomotive was sponsoring Black Hat Asia 2025 in Singapore between April 1-4, 2025. Our Security Assessment Team did a very successful briefing session on their latest research of Nissan Leaf 2020 exploitation.
Speakers:
- Radu Motspan | Senior Security Researcher, PCAutomotive
- Mikhail Evdokimov | Senior Security Researcher, PCAutomotive
Contributors:
- Polina Smirnova | Senior Security Researcher, PCAutomotive
- Danila Parnishchev | Head of Security Assessment, PCAutomotive
- Alexei Stennikov | Hardware Security Expert, PCAutomotive
- Artem Ivachev | Senior Security Researcher, PCAutomotive
- Anna Breeva | (ex) Senior Penetration Tester, PCAutomotive
- Abdellah Benotsmane | Security Researcher, PCAutomotive
- Balazs Szabo | Frontend Web Developer, PCAutomotive
- All PCAutomotive crew
Talk description
In this session, we presented our successful remote exploitation of a 2020 Nissan Leaf, achieved by chaining multiple vulnerabilities across its connected systems. Starting with a Bluetooth entry point, we escalated access by bypassing secure boot, established a covert Command and Control (C2) channel over DNS, and ultimately interfaced with the vehicle’s CAN bus - gaining control over critical functions like mirrors, wipers, locks, and steering.
We’ll walk through each stage of the attack, from initial access to persistent control, highlighting both the technical challenges and broader implications for automotive cybersecurity.
