Critical bug found in Kia’s portal could be used to locate, hack millions of cars: Report 

A critical bug in Kia’s dealer portal could reportedly be used by threat actors to locate and hack into millions of vehicles using just their license plates  

Updated - September 27, 2024 12:13 pm IST

New Kia Motors logo

New Kia Motors logo | Photo Credit: Special Arrangement

Security researchers have discovered a critical flaw in Kia’s dealer portal. The security bug can be exploited by threat actors to locate and illegally gain access to millions of Kia cars made after 2013 using just the vehicle’s license plate, a report from Bleeping Computer said.

The security bug could also be used to control any Kia vehicle equipped with remote hardware in under 30 seconds and expose personal information of the owners. This includes names, phone numbers, email address, and physical address.

Attackers can reportedly exploit the bug to add themselves as a secondary user to the vehicle without the owner’s knowledge.

To demonstrate the gravity of the bug, researchers engineered a tool that allowed them to remotely unlock the vehicle, start or stop the engine, honk the horn and pinpoint the location of the vehicle.

The security researchers who found the bug in Kia’s portal had earlier in 2022 discovered similar vulnerabilities impacting over a dozen car companies that could be exploited to remotely locate, disable starters, unlock and start over 15 million vehicles from renowned makers including Ferrari, BMW, Rolls Royce, and Porche.

The reported vulnerabilities have now been fixed by Kia and the company has responded saying that the bug was never actively exploited in the wild.

However, the news raises important questions about privacy and security of owners. Earlier in 2023, a study from the Mozilla Foundation said cars scored worst for privacy among more than a dozen product categories — including fitness trackers, reproductive-health apps, smart speakers and other connected home appliances — that Mozilla has studied since 2017.

The proliferation of sensors in automobiles — from telematics to fully digitised control consoles — has made them prodigious data-collection hubs, often raising concerns around their data privacy policies and its implementation.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.