iStockphoto
Hackers figured out how to hijack and control millions of Kia cars and SUVs in just seconds simply by scanning the vehicle’s license plate. And it was all due to a flaw on a web portal operated by Kia.
Kia vehicles (and Hyundais) were already being stolen at a ridiculous clip thanks to the ease with which criminals could take them and the Kia Boyz trend that was running rampant on social media.
But according to a new report by Wired, the web vulnerability on Kia’s web portal made it even easier.
Today, a group of independent security researchers revealed that they’d found a flaw in a web portal operated by the carmaker Kia that let the researchers reassign control of the internet-connected features of most modern Kia vehicles — dozens of models representing millions of cars on the road — from the smartphone of a car’s owner to the hackers’ own phone or computer. By exploiting that vulnerability and building their own custom app to send commands to target cars, they were able to scan virtually any internet-connected Kia vehicle’s license plate and within seconds gain the ability to track that car’s location, unlock the car, honk its horn, or start its ignition at will.
The good news is that this vulnerability has recently been fixed.
The bad news is that this is the second time these researchers have found a flaw in Kia’s system.
Plus, as Andy Greenberg of Wired writes, “…those bugs are just two among a slew of similar web-based vulnerabilities they’ve discovered within the last two years that have affected cars sold by Acura, Genesis, Honda, Hyundai, Infiniti, Toyota, and more.”
“The more we’ve looked into this, the more it became very obvious that web security for vehicles is very poor,” Neiko Rivera, one of the researchers who discovered this latest Kia vulnerability told Wired.
“Over and over again, these one-off issues keep popping up,” said another one of the researchers, Sam Curry. “It’s been two years, there’s been a lot of good work to fix this problem, but it still feels really broken.”
Another new report, by MotorBiscuit, reveals why one car dealer says newer Kias are an “insurance nightmare.”
Because even with newer Kia models being equipped with immobilizer rings that are supposed to stop the cars from being stolen, they’re just not working the way that’s intended.
Now, instead of the Kia being stolen, thieves just wreck the steering column and leave the cars in shambles when they realize the immobilizers are there.