Flaw In Kia's Web Portal Let Researchers Track, Hack Cars (arstechnica.com)
(Friday September 27, 2024 @05:20PM (msmash)
from the internet-of-useless-things dept.)
- Reference: 0175145551
- News link: https://it.slashdot.org/story/24/09/27/1950242/flaw-in-kias-web-portal-let-researchers-track-hack-cars
- Source link: https://arstechnica.com/cars/2024/09/flaw-in-kia-web-portal-let-researchers-track-hack-cars/
[1]SpzToid shares a report:
> Today, a group of independent security researchers revealed that they'd found a flaw in a web portal operated by the carmaker Kia that let the researchers [2]reassign control of the Internet-connected features of most modern Kia vehicles -- dozens of models representing millions of cars on the road -- from the smartphone of a car's owner to the hackers' own phone or computer. By exploiting that vulnerability and building their own custom app to send commands to target cars, they were able to scan virtually any Internet-connected Kia vehicle's license plate and within seconds gain the ability to track that car's location, unlock the car, honk its horn, or start its ignition at will.
>
> After the researchers alerted Kia to the problem in June, Kia appears to have fixed the vulnerability in its web portal, though it told WIRED at the time that it was still investigating the group's findings and hasn't responded to WIRED's emails since then. But Kia's patch is far from the end of the car industry's web-based security problems, the researchers say. The web bug they used to hack Kias is, in fact, the second of its kind that they've reported to the Hyundai-owned company; they found a similar technique for hijacking Kias' digital systems last year. And those bugs are just two among a slew of similar web-based vulnerabilities they've discovered within the last two years that have affected cars sold by Acura, Genesis, Honda, Hyundai, Infiniti, Toyota, and more.
[1] https://slashdot.org/~SpzToid
[2] https://arstechnica.com/cars/2024/09/flaw-in-kia-web-portal-let-researchers-track-hack-cars/
Kia (Score:2)
by korgitser ( 1809018 )
Kia... the gift that keeps on giving.
A flaw in the web piece, not the car per se (Score:2)
by Robert Goatse ( 984232 )
At first I thought, ah cool a car hardware hack. Nope, they mucked with the API to do certain (limited) stuff.
Do they have an interior camera? (Score:2)
by cascadingstylesheet ( 140919 )
Whole new meaning to "I wanna see ya in a Kia"!
If you had a Kia... (Score:2)
by rossdee ( 243626 )
it was probably stolen already
cars will be locked down so that a dealer code ne (Score:1)
cars will be locked down so that a dealer code is needed to do
oil change
tire change
light change
---
any repair that needs parts changed
any service at X time or Y miles
Re: (Score:3)
That won't keep the baddies out though. Like I said in another post, you thought ClownStrike was bad, you haven't seen anything yet. Carpocalypse is only a matter of time, not if, but when. Connecting cars to the Internet is just asking for it.
Re: (Score:2)
Just imagine if the systems involved with actual driving are compromised! random braking, steering, acceleration...