On June 11th, 2024, we discovered a set of vulnerabilities in Kia vehicles that allowed remote control over key functions using only a license plate. These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription.
I’ve noticed a lot of issues showing up for the Kia and Hyundai cars security wise. I wonder if they’re having issues because there’s more focus on those cars or if their security is really that bad.
The Kia/Hyundai “challenge” where people were stealing their cars with a USB cord is because they opted not to include an immobilizer in US models for a decade. Every other car brand had them as standard. Kia even had them as standard in non US cars, but because the USA stupidly does not have a law about it, they opted to drastically reduce car security to save a few dollars per car.
This has made them prime targets, as people know they make bad security choices whenever they can save a buck.
I’m still amazed that immobilizers aren’t a legal requirement in the USA, and that Kia would remove them from US models just to save a small amount of money.
Both probably. I’m sure a lot of cars have problems like this, but they just haven’t been found and there are already known vulnerabilities to focus on.
I’ve noticed a lot of issues showing up for the Kia and Hyundai cars security wise. I wonder if they’re having issues because there’s more focus on those cars or if their security is really that bad.
The Kia/Hyundai “challenge” where people were stealing their cars with a USB cord is because they opted not to include an immobilizer in US models for a decade. Every other car brand had them as standard. Kia even had them as standard in non US cars, but because the USA stupidly does not have a law about it, they opted to drastically reduce car security to save a few dollars per car.
This has made them prime targets, as people know they make bad security choices whenever they can save a buck.
So a bit of both, I expect.
I’m still amazed that immobilizers aren’t a legal requirement in the USA, and that Kia would remove them from US models just to save a small amount of money.
Both probably. I’m sure a lot of cars have problems like this, but they just haven’t been found and there are already known vulnerabilities to focus on.
Don’t look into South Korean web security. If their cars are as badly designed as their websites… Yikes
They went balls deep with the devil’s spawn called nprotect.