Understanding the Keyless Entry Vulnerability in KIA Vehicles (CVE-2025-6029)
Recently, a significant security vulnerability has been identified within the keyless entry systems (KES) used in various KIA vehicles in Ecuador. This weakness, designated CVE-2025-6029, poses a serious risk of theft to thousands of vehicles. The issue has arisen from the outdated technology being utilized in aftermarket key fobs authorized and distributed by KIA Ecuador, impacting models such as the KIA Soluto, Rio, and Picanto manufactured between 2022 and 2025.
The Nature of the Vulnerability: CVE-2025-6029
The vulnerability was uncovered by Danilo Erazo, an independent security researcher who has dedicated his efforts to studying vehicle security. His findings reveal a crucial flaw in the keyless entry systems installed in numerous KIA vehicles in Ecuador. Unlike many contemporary vehicles that use rolling code technology—where the access code changes with each use—the affected KIA key fobs are based on "learning code" technology.
What is Rolling Code Technology?
Rolling code technology is a dynamic security feature that alters the access code each time the key fob is used. This practice significantly reduces the risk of replay attacks, where static codes can be intercepted and reused by thieves. Rolling codes became mainstream in vehicle security during the mid-1990s and have been standard in Latin America since the early 2000s. In contrast, KIA’s key fobs use fixed learning codes, which remain the same each time the fob transmits a signal.
The Mechanics of Learning Code Systems
Learning Codes Explained
Learning codes are fixed codes that can be programmed into both the vehicle’s receiver and the key fob transmitter. Unlike permanently hardwired codes, learning codes can be reprogrammed. Typically, most vehicles support up to four of these codes, allowing multiple keys to be paired with the same vehicle. However, the static nature of these codes makes them vulnerable to exploitation through replay or cloning attacks.
An attacker can capture the radio frequency signal emitted by the key fob with specialized equipment, such as antennas or Software Defined Radio (SDR) devices. They can then replay this signal to unlock the vehicle, hence the term "Keyless Entry Vulnerability."
Vulnerability in Key Fob Technology
KIA vehicles manufactured in 2022 and early 2023 employ the HS2240 chip in their key fobs, while those made in 2024 and 2025 utilize the EV1527 chip. Both of these chips rely on the insecure learning code technology, offering around one million fixed code combinations. Cybercriminals can use brute force techniques to attempt all possible combinations, thereby gaining unauthorized access to the car.
Additionally, the system showcases “backdoor” vulnerabilities. The vehicle’s receiver allows for the programming of up to four learning codes, enabling malicious actors to introduce their own codes. This could grant them permanent access to the vehicle without the owner’s knowledge, potentially happening anywhere along the production or supply chain before the vehicle is delivered to the customer.
The Broader Impact
The KIA vulnerability is affecting a large number of vehicles in Ecuador, with reported cases primarily involving the Kia Soluto, Rio, and Picanto models from 2022 to 2025. The problem has led to incidents of theft in both public and private parking lots. Although this vulnerability has been publicly disclosed in Ecuador, there is a strong belief that similar keyless entry systems are used in other countries throughout Latin America, potentially widening the scope of the issue.
Further complicating the situation is the fact that KIA Ecuador not only installs these key fobs but also officially homologates and distributes them. Remarkably, these vulnerable key fobs remain available for purchase on the KIA Ecuador website, despite not being original equipment manufacturer (OEM) parts.
Moving Forward: A Call to Action
In light of the research conducted by Danilo Erazo and others, there is an urgent need for KIA and similar manufacturers to address the vulnerabilities associated with learning code technology. Replacing these outdated key fobs with modern rolling code systems is imperative to enhance vehicle security.
The risks posed by the KIA vulnerability extend beyond Ecuador. Due to overlapping fixed code ranges, other regions may also be susceptible to similar security breaches. The call for action is clear: manufacturers must phase out vulnerable keyless entry systems to protect consumers and their vehicles.
As technology continues to advance, staying informed about vehicle security vulnerabilities is crucial for any car owner. By understanding these risks, drivers can take proactive steps to safeguard their vehicles against potential theft.
