BrianKrebsSep 26, 2024

Heads up to Kia owners/potential buyers: Today, a group of independent security researchers revealed that they'd found a flaw in a web portal operated by the carmaker Kia that let the researchers reassign control of the internet-connected features of most modern Kia vehicles—dozens of models representing millions of cars on the road—from the smartphone of a car’s owner to the hackers’ own phone or computer. By exploiting that vulnerability and building their own custom app to send commands to target cars, they were able to scan virtually any internet-connected Kia vehicle’s license plate and within seconds gain the ability to track that car’s location, unlock the car, honk its horn, or start its ignition at will.

https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/

Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug

Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.

WIRED
Show threadexcited for the mastodon riseSep 26, 2024

@briankrebs Can we regulate this? Car owners should be able to physically depower all data radios in the car with the flick of a switch. Like, a physical switch that disconnects power from this part of the car.

I need a new car, and I cannot and will not buy one until this tracking shit is put to bed. Which means I'll probably have to buy a "classic" car at this point.

Show threadFish Id Wardrobe ⁂
@qkslvrwolf @briankrebs Not in the EU, which mandates that all new vehicles must have a built in mobile link to the police — which _probably_ only turns on when you press a button.
Sep 26, 2024 at 8:07pmWeb