Car owners, are you sitting down? A troubling cybersecurity flaw has been uncovered on the website of automaker Kia, allowing hackers to remotely control key functions of millions of cars.
The detailed report, available on the personal blog of Sam Curry, one of the researchers involved, walks through the discovery of the exploit and how it was utilized to breach car security.
Android Automotive receives new QOL update, including support for Bluetooth headphones
In a shocking revelation, vulnerabilities affecting Kia vehicles were found by the researchers in June. These vulnerabilities enabled remote control over crucial functions using just a license plate. The exploit allowed hackers to track a car’s location, unlock doors, sound the horn, start the engine, and even activate the camera on certain Kia models remotely.
The research team informed Wired that the exploit was accessed through a flaw in a web portal operated by Kia, providing access to all internet-based features in the manufacturer’s cars.
Curry demonstrated the hack in a video, showcasing how he managed to remotely access a 2022 Kia EV6 using a custom app called KIAtool. The flaw not only granted access to control vehicles but also opened up a treasure trove of personal information about Kia customers.
The researchers alerted Kia to the website vulnerability, which has since been patched. Kia confirmed that the exploit was never used maliciously, and the tool created by the researchers was not released to the public.
But the story doesn’t end there. Similar override exploits have plagued other car brands including Honda, Nissan, Mercedes, Hyundai, BMW, and Ferrari in the past.
The NSA advises you to turn off your phone once a week – here’s why
Additionally, Curry’s team identified a similar flaw in Toyota’s web portal, which was promptly patched upon notification. While swift actions are commendable, the prevalence of such vulnerabilities underscores the need for automakers to prioritize security.
Unfortunately, there’s little the average car owner can do, highlighting the importance of installing available software patches to safeguard vehicles. Stay vigilant, stay safe!