Millions of Kia Cars Vulnerable to Simple Website Hack
A recent discovery by security researchers has revealed a flaw in a Kia web portal that allowed them to track millions of cars, unlock doors, and start engines at will. This vulnerability is the latest in a series of web bugs that have affected over a dozen carmakers, including Acura, Genesis, Honda, Hyundai, Infiniti, and Toyota.
The researchers found that by exploiting the vulnerability in Kia’s web portal, they could reassign control of a car’s internet-connected features from the owner’s smartphone to their own device. This allowed them to track the car’s location, unlock the doors, honk the horn, and start the engine.
The researchers have discovered a slew of similar web-based vulnerabilities in the last two years, affecting a wide range of car manufacturers. “The more we’ve looked into this, the more it became very obvious that web security for vehicles is very poor,” says Neiko “specters” Rivera, one of the researchers.
The group’s findings highlight the need for car manufacturers to prioritize web security and protect their customers’ vehicles from potential hacking threats. As the use of internet-connected features in cars becomes more widespread, the risk of hacking and other security breaches will only continue to grow.
The web flaw could have created significant opportunities for theft of a car’s contents, harassment of drivers and passengers, and other privacy and safety concerns. While Kia has patched the vulnerability, the researchers warn that similar issues are likely to exist in other car manufacturers’ systems, leaving millions of cars vulnerable to hacking.