Nissan source code leaked online after Git repo misconfiguration

erek

erek

[H]F Junkie
Joined
Dec 19, 2005
Messages
10,871
"The Git server, a Bitbucket instance, was taken offline yesterday after the data started circulating on Monday in the form of torrent links shared on Telegram channels and hacking forums.

Reached out for comment, a Nissan spokesperson confirmed the incident.

"We are aware of a claim regarding a reported improper disclosure of Nissan's confidential information and source code. We take this type of matter seriously and are conducting an investigation," the Nissan rep told ZDNet in an email.

The Swiss researchers received a tip about Nissan's Git server after they found a similarly misconfigured GitLab server in May 2020 that leaked the source code of various Mercedes Benz apps and tools.


Mercedes eventually admitted to the leak, and Kottmann, who was hosting the leaked data, also removed it from their server at the company's request."

https://www.zdnet.com/article/nissan-source-code-leaked-online-after-git-repo-misconfiguration/
 
Source code eh... of what? oh you're going to make me click on the link you dirty bastage!

  • Nissan NA Mobile apps
  • some parts of the Nissan ASIST diagnostics tool
  • the Dealer Business Systems / Dealer Portal
  • Nissan internal core mobile library
  • Nissan/Infiniti NCAR/ICAR services
  • client acquisition and retention tools
  • sale / market research tools + data
  • various marketing tools
  • the vehicle logistics portal
  • vehicle connected services / Nissan connect things
  • and various other backends and internal tools
Click to expand...
So nothing of critical importance? Like how to take remote control of a car and crash it into traffic. I mean I guess that's good, but yeah maybe one of those things could be used.
 
I read a few years back that the mobile app provided by Nissan for remote services like remote door unlock or climate control activation was performed by unauthenticated REST calls, with the target vehicle solely determined through a query string parameter that used the vehicle VIN. Gobsmackingly awful. TLDR don’t let car companies try software because it doesn’t end well. Doubly so if that car company is Nissan.
 
Agreed Nissan is a mess right now. Their CVT transmission fuses are far too expensive. That fuses life expectancy under stop and go conditions is a low hanging sour fruit. GM's been pushing for open source for years and meets only resistance by other manufacturers.
 
learners permit said:
Agreed Nissan is a mess right now. Their CVT transmission fuses are far too expensive. That fuses life expectancy under stop and go conditions is a low hanging sour fruit. GM's been pushing for open source for years and meets only resistance by other manufacturers.
Click to expand...
what about bypassing the fuses? if parts are built with enough sophistication and high end quality they should be able to handle those conditions or those conditions shouldn't even arise, imho


1609996475305.png
 
We had a 2013? Altima for about 6 months. The CVT was a nightmare. Constant noise and vibration that 3 dealers told me was normal and nothing was wrong. Twice lost drive power on the highway until it cooled down. I will never buy another CVT for any maker.
 
  • Like
Reactions: erek
like this
I lucked out with mine, I have a 2012 Altima that was a year or two before the rampant 2013+ CVT issues.
Part of the issue is they said at the time oh you're good for life you don't need to do anything for the tranny etc however if you look in the manuals and actual documentations the CVT fluid should be changed every 50-60k miles still even though they've marketed you don't.
IIRC the primary issue that cause the failures was it overheating, which replacing the fluid more often or adding a auxilary cooler helped with.

I had a 1997 used maxima that was in multiple wrecks I drove into the ground, and my 2012 altima i got barely used is still going strong since its alot better cared for (but the dreaded 10y problems are coming up so who knows).
 
Last edited:
Spartacus09 said:
I lucked out with mine, I have a 2012 Altima that was a year or two before the rampant 2013+ CVT issues.
Part of the issue is they said at the time oh you're good for life you don't need to do anything for the tranny etc however if you look in the manuals and actual documentations the CVT fluid should be changed every 50-60k miles still even though they've marketed you don't.
IIRC the primary issue that cause the failures was it overheating, which replacing the fluid more often or adding a auxilary cooler helped with.

I had a 1997 used maxima that was in multiple wrecks I drove into the ground, and my 2012 altima i got barely used is still going strong since its alot better cared for (but the dreaded 10y problems are coming up so who knows).
Click to expand...
Nissan was good before Renault took over, and from there their quality went to shit. I think Nissan is independent now.
 
I love my Mazda, except the tomtom GPS you gotta pay for map updates and they don't have any actual updates for the midwest.

If you can do the conversion to the android auto on your Mazda, do it.
 
Last edited:
learners permit said:
Agreed Nissan is a mess right now. Their CVT transmission fuses are far too expensive. That fuses life expectancy under stop and go conditions is a low hanging sour fruit. GM's been pushing for open source for years and meets only resistance by other manufacturers.
Click to expand...
Do they even make 5/6 speed with a proper 3rd pedal?
 
/dev/null said:
Do they even make 5/6 speed with a proper 3rd pedal?
Click to expand...
They're few and far between, most of the manufacturers that have a CVT/Manumatic transmission do it for all of the models to reduce the cost of having to make multiple options for it.
I think the lowest of the low end series have a true manual 5 speed though, the Versa comes to mind but thats about the only one.
 
Lol! cars that use Firmware/software CRAP I tell ya!
Fuel injection is what I stop at for modern conveniences (and AC that uses good ol' R-12 not the new flammable 1234YF and that name sounds like a kid named it).
I remember when Foreign vehicles used to be Junk Subaru & Hyundai/Kia come to mind now they actually have decent offerings now.
 
Format _C: said:
Lol! cars that use Firmware/software CRAP I tell ya!
Fuel injection is what I stop at for modern conveniences (and AC that uses good ol' R-12 not the new flammable 1234YF and that name sounds like a kid named it).
I remember when Foreign vehicles used to be Junk Subaru & Hyundai/Kia come to mind now they actually have decent offerings now.
Click to expand...
i've got two vehicles with carbs on them, both Holley carbs
 
Our Armada has been awesome granted it's still made in Japan and has an actual 7-speed transmission and not the CVT. All of their problems are the models with the CVTs in them.
 
Format _C: said:
Lol! cars that use Firmware/software CRAP I tell ya!
Fuel injection is what I stop at for modern conveniences (and AC that uses good ol' R-12 not the new flammable 1234YF and that name sounds like a kid named it).
I remember when Foreign vehicles used to be Junk Subaru & Hyundai/Kia come to mind now they actually have decent offerings now.
Click to expand...
I read this in Abe Simpson voice.
 
erek said:
i've got two vehicles with carbs on them, both Holley carbs
Click to expand...

Nice! My Father had a 1979 Ford Thunderbird I loved that car and the AC was freezer cold but you sure noticed the fuel gauge drifting toward the 'e' mark much faster then the large 5.8l V8 (350?) already made it.

OutOfPhase said:
I read this in Abe Simpson voice.
Click to expand...

Get off my lawn you young whipper snapper don't come back ya hear!

DukenukemX said:
Lets see what Mr Wizard thinks.
Click to expand...


Scotty Kilmer? Anyone watch Him just for the comedic value? He can't decide who he hates or likes more and that changes each video.
 
  • Like
Reactions: erek
like this
Format _C: said:
Lol! cars that use Firmware/software CRAP I tell ya!
Fuel injection is what I stop at for modern conveniences (and AC that uses good ol' R-12 not the new flammable 1234YF and that name sounds like a kid named it).
I remember when Foreign vehicles used to be Junk Subaru & Hyundai/Kia come to mind now they actually have decent offerings now.
Click to expand...
the gas in a system matters little if it's a well design system..also the flammability part if form the little bit of added carbon products they put to help oil lubrication..... It will not explode nor catch fire. also r12 has a lot of short comings and makes 0 sense to ues for any new system.

That said 1234 is a stupid blend very very similar to 134a but costs 20x more... also fun fact it's one of the reasons why we lost nice colored refrigerant drums and now everything is a gray can.
 
tunatime said:
the gas in a system matters little if it's a well design system..also the flammability part if form the little bit of added carbon products they put to help oil lubrication..... It will not explode nor catch fire. also r12 has a lot of short comings and makes 0 sense to ues for any new system.

That said 1234 is a stupid blend very very similar to 134a but costs 20x more... also fun fact it's one of the reasons why we lost nice colored refrigerant drums and now everything is a gray can.
Click to expand...

Yes I have seen the outrageous costs and $ for the associated new tools.

R600A/R290 I think one is Propane (sadly no accessories are included!) and the other is isobutane the equipment that uses that stuff has a warning label on it mentioning that flammable refrigerant is used I think the first uses were mini fridges and chest freezers.
I have a stash of R22 (green drum) and a few R12/R134A but no one is getting my secret stash of R12 cans with a few R134A cans thrown in for good measure as it is no longer allowed for new stuff as of 01/01/2021.
OK I got to go the EPA is knocking at the door bye!
 
You must log in or register to reply here.
Back
Top