Recently, a group of security researchers demonstrated that they could remotely hack into Kia vehicles, gaining nearly complete control over various models via a cellular connection. They were able to access cars with the Kia Connect remote control function simply by using a license plate scanning application. This vulnerability affected all Kia models launched after 2014.
The researchers found that the latest Kia models were particularly susceptible to hacking. They were able to track the car’s location using GPS, start and stop the engine, lock and unlock the doors, activate the headlights and horn, and even connect to a 360-degree camera. Additionally, they were able to access the car owner’s personal information, including their name, email, Kia Connect password, phone number, and address. It’s important to note that this level of access was possible even if the owner had not activated the Kia Connect subscription. The only limitation was that the tool created by the researchers could not overcome the immobilizer, making it impossible to drive the car without the key.
The researchers responsibly informed Kia about this vulnerability in June, and it was promptly fixed by the Korean automaker in August. It’s worth noting that this vulnerability was never exploited for real-life malicious purposes but was only tested by the researchers on the cars of their friends and relatives. Importantly, details about security vulnerabilities are only made public after the vulnerability has been addressed.
This incident raises concerns as remote monitoring systems like Kia Connect are now utilized by most major automakers, with millions of vehicles sold each year globally. While these technologies are designed to enhance convenience and comfort for car owners, they also present potential loopholes for hackers to exploit.