BrianKrebsSep 26, 2024

Heads up to Kia owners/potential buyers: Today, a group of independent security researchers revealed that they'd found a flaw in a web portal operated by the carmaker Kia that let the researchers reassign control of the internet-connected features of most modern Kia vehicles—dozens of models representing millions of cars on the road—from the smartphone of a car’s owner to the hackers’ own phone or computer. By exploiting that vulnerability and building their own custom app to send commands to target cars, they were able to scan virtually any internet-connected Kia vehicle’s license plate and within seconds gain the ability to track that car’s location, unlock the car, honk its horn, or start its ignition at will.

https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/

Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug

Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.

WIRED
Show threadBrian Vastag

@briankrebs HackerNews says it was fixed last month.

https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.html?m=1

Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates

Kia fixes vulnerabilities that allowed remote car control using only a license plate. Patch issued

The Hacker News
Sep 26, 2024 at 9:19pmWeb
Show threadBrianKrebsSep 26, 2024
@brianvastag Thanks. Seems like maybe safer to say they fixed the issue(s) the researchers raised? Aren't they still collecting all the data?
Show threadBrian VastagSep 26, 2024
@briankrebs Well they say the exploit that allowed remote control of car functions was fixed.
Show threadnjsgSep 28, 2024
@brianvastag @briankrebs Minor nitpick, but that is *not* Hacker News.