Control a car in 30 seconds. All from a distance. This is what allowed a security flaw detected in Kia cars (Hyundai group). Cybersecurity researchers have thus discovered several flaws in “almost all Kia vehicles manufactured after 2013,” states a public report dated September 26.
Specifically, the vulnerabilities could have allowed hackers to remotely control certain essential functions of the manufacturer’s cars.
A trick in 30 seconds
The hackers only needed to obtain the license plate number of the car they were going to hack. All they had to do was create a fake account on the portal dedicated to Kia dealers and enter a few lines of code to obtain the owner’s name, phone number and email address.
Once this information is obtained, the cybercriminal could change the owner’s email address to register as the new owner of the vehicle. Enough to allow hackers to unlock the car, start it or follow it remotely… without leaving the slightest trace. On the victim’s side, no notification was sent indicating that the car had been hacked.
More worryingly, this method also worked on cars without an active subscription to Kia Connect, the service that allows you to connect a Kia to a smartphone to benefit from additional functions.
The flaw was reported to Kia in June 2024. The automaker has since implemented a fix. For its part, Kia confirmed that the flaw had not been exploited for malicious purposes.
It is not the first time that the manufacturer has been affected by a security breach. In February 2023, users launched the “Kia Challenge” on Tiktok. The goal? Attempted theft of a Hyundai group vehicle using a USB key.
Source: BFM TV
