There's also a privacy concern. Attackers could get the username for the CarWings account you need to register the app, which might give them a clue as to who you are.

Hunt reported the flaw to Nissan about a month ago, and the car builder tells the BBC that it's working on a "permanent and robust" fix for the problem. If you're worried, you can unregister the app to lock out any threats in the meantime. Even so, the exploit isn't very reassuring -- it's further evidence that vehicle makers of all stripes still have a lot to learn about internet security.

Update: USA Today reports that Nissan has disabled the NissanConnect EV app while it works on the security flaws. There's no word on when that's expected to be completed, but for now owners will just have to control their car's AC directly, from inside the car.

Update 2: We've received an official statement from Nissan; you can read the whole thing below.