Yet another automaker skimping on digitial secutity. This time it’s Nissan whose Leaf has a web app that allows you to check battery status, but also manage the climate control remotely, yet has absolutely zero authentication, allowing anyone with your VIN to freely roast or freeze you out.

Here’s an excellent writeup by Troy Hunt detailing how the exploit was found, tested and eventually exposed after Nissan dragged their feet in addresing the issue once it was brought to their attention.