BrianKrebsSep 26, 2024

Heads up to Kia owners/potential buyers: Today, a group of independent security researchers revealed that they'd found a flaw in a web portal operated by the carmaker Kia that let the researchers reassign control of the internet-connected features of most modern Kia vehicles—dozens of models representing millions of cars on the road—from the smartphone of a car’s owner to the hackers’ own phone or computer. By exploiting that vulnerability and building their own custom app to send commands to target cars, they were able to scan virtually any internet-connected Kia vehicle’s license plate and within seconds gain the ability to track that car’s location, unlock the car, honk its horn, or start its ignition at will.

https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/

Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug

Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.

WIRED
Show threadJD
@briankrebs oh snap, them Kia kids are at it again!
Fr though I hope they release a fix soon.
Sep 26, 2024 at 6:10pmWeb
Show threadKrupoSep 26, 2024

@JDGeoShack @briankrebs wired is horribly paywalled but the impression I got is that Kia maybe fixed it?

"Appears to have fixed the vulnerability in its web portal" followed by lack of more comment.