On June 11th, 2024, we discovered a set of vulnerabilities in Kia vehicles that allowed remote control over key functions using only a license plate. These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subs...
FYI: From the article: “These vulnerabilities have since been fixed, this tool was never released, and the Kia team has validated this was never exploited maliciously.”
I know the majority of you hate Tesla, but security is something they do take more seriously. They even take part in pwn2own to help find vulnerabilities.
All auto manufacturers should be taking part in that.
Nothing like winning a car to get people to try and break into it publicly.
Yeah... fuck this shit. This is part of the reason I still drive a nearly 20 year old vehicle. It has features I want, and can't be stolen via fucking API calls. Absolute insanity.
I think Hyundai/Kia group has done unfathomable damage to their brands. Kia, despite being a budget brand, wants to be seen as a legit competitor to Toyota or at least Nissan. Their corner cutting with the immobilizers and the resulting "USB" theft shit was bad enough. Now this exploit.
They're just terrible cars. I've had two...they were great until they weren't. I literally had a screw fall out of the headliner the other day bringing it home from a nearly 1000$ exhaust patch/repair. It's not 10 years old yet and only has 60k miles.
The other one has had the engine replaced already (under warranty thank god).
We are likely replacing both of them next year. I'm never buying a Kia again.
My Toyota with 300k+ miles has cost me $285 in repairs minus maintenance costs. I’ll likely get at least another 100k. Just placing these goalposts here…
Just because you can't use it doesn't mean a hacker can't. If someone discovered a vulnerability in the 3g handshake or encryption protocol, it could be an avenue for an RCE.
Cool just like trying to replace a blower motor in a modern car feel free to rip the entire dash out only to find out it has a second antenna all the way in the back underneath the spare tire also behind a tail light which somehow requires you to remove the muffler to get to....
That Civic is hands down the most bulletproof, refined and perfected k-series car Honda ever produced, or ever will, at this point.
If anyone reading this wants a V6, find a manual TL. Equally bulletproof, but with a J-series and room to stretch out and they are CHEAP for zero reason on the market. I don't even understand it other than they don't really have tuning potential, but as a commuter car, they can't be beat for the price to comfort. They ride like clouds and have 300hp to punch with if you stomp them down an offramp.
Let the fucking hacking begin. Fuck these assholes. They are milking people out of their last penny, and on top of that they're selling people's driving data to data brokers who sell it to insurance companies that jack up prices.
I’ve noticed a lot of issues showing up for the Kia and Hyundai cars security wise. I wonder if they’re having issues because there’s more focus on those cars or if their security is really that bad.
The Kia/Hyundai "challenge" where people were stealing their cars with a USB cord is because they opted not to include an immobilizer in US models for a decade. Every other car brand had them as standard. Kia even had them as standard in non US cars, but because the USA stupidly does not have a law about it, they opted to drastically reduce car security to save a few dollars per car.
This has made them prime targets, as people know they make bad security choices whenever they can save a buck.
I'm still amazed that immobilizers aren't a legal requirement in the USA, and that Kia would remove them from US models just to save a small amount of money.
Both probably. I’m sure a lot of cars have problems like this, but they just haven’t been found and there are already known vulnerabilities to focus on.
Things like live traffic require a connection though, and Google maps I think does the routing calcs off the device. Most people will use their phone for all that, but the use case is there.
That’s a very subjective take. My friends and family that live in hot climates love the ability to remotely turn on and pre-cool their vehicles. I appreciate being able to check if I remembered to lock the doors.
And by using that internet connected feature you're 100% handing out your driving info to your car manufacturer, who in turn will sell it to LexisNexis, who in turn will sell it to insurance companies, who in turn will jack up your insurance prices.
My car reminds me if the doors are unlocked or left open. I can adjust the charging speed at any time. I can turn on the HVAC and seat heaters before I leave. I can see my current state of charge. I can see exactly what is happening when my alarm goes off. I can see exactly where it is if it's stolen. Etc.
You can argue that those are not important to you, personally but I don't think you can argue that they aren't good reasons.
I think there are certainly other wireless technologies that are superior in many ways and can supplement or replace the need for internet access in your immediate area.
the first bunch provides info and abilities that are only relevant when you are in the car. this is like wanting to know your house's temperature when you are in the store, or on vacation. what the fuck you do with that information?
the remaining about the alarm and it being stolen, what are you going to do with this? go after them with your 4th car and a shotgun? let's hope they did not disconnect the batteries..
if you absolutely cannot live without these, you should by an extension that does this, instead of forcing this shit on everyone
I think the point is that there isn't a good enough reason to put internet in a car that negates the risk of it.
It is like adding lead to food. It's a cheap sweetener with no calories. You can argue that cheap sweeteners aren't important to you, but I don't think you can argue that it isn't a good reason. It just isn't a good enough reason to negate the risk.