Nissan’s NissanConnect EV mobile app is known to readers for a lot of wrong things, but this one takes the cake. Its developer was caught red-handed copying code verbatim from the coder help site Stack Overflow. For the uninitiated, Stack Overflow is a question-and-answer site for coders, where any developer can post a programming-related question and get a response from a fellow developer.
Copying and pasting code from the internet is one of the biggest open secrets in computer programming, but doing it word for word is bad. Even a third grader knows that copying an essay word for word from his friend would get him caught by the teacher. But the NissanConnect EV mobile app developer seems to have forgotten this cardinal rule.
Scott Helme, a security researcher, caught the developer red-handed when a verbatim Stack Overflow answer showed up in the most recent app update. Helme immediately tweeted his find, which is given above.
It’s funny that the line of code containing the Stack Overflow motto “the spirit of stack overflow is coders helping coders” escaped the eyes of Nissan’s app development and quality control checks.
Like I said above, the NissanConnect EV mobile app is known for using insecure APIs which can be hacked from anywhere in the world.
The two security researchers, Scott Helme and Troy Hunt, demonstrated vulnerabilities in the NissanConnect EV mobile app remote management APIs that allow anyone with the VIN number of the car to access certain features of it from anywhere across the Internet.
Now this copy-pasting sure takes the cake!