Kia Vehicle Vulnerability Exposes Remote Control Risks
In a shocking turn of events, millions of Kia vehicles were discovered to have a critical flaw that allowed attackers to remotely control the vehicles using just license plate information. This vulnerability was brought to light by independent security researchers who alerted Kia to the issue in mid-August.
The flaw, similar to others discovered in recent years, raised serious concerns about the susceptibility of modern connected vehicles to cyberattacks. Researchers, including Sam Curry, found that attackers could exploit the flaw to issue commands for locking and unlocking vehicles, starting and shutting down the engine, activating headlights and horns, and even accessing a vehicle’s camera.
The issue stemmed from a vulnerability in the automotive API protocols that enable Internet-to-vehicle commands on Kia automobiles. By registering a Kia dealer account and authenticating it, attackers could access APIs reserved for dealers, allowing them to control key vehicle functions. They could remotely lock and unlock vehicles, activate headlights and horns, determine geolocation, and even retrieve the owner’s personally identifying information.
Experts in cybersecurity emphasize the need for automakers to enhance cybersecurity measures by implementing stronger authentication methods and securing communication channels to protect against unauthorized access. The discovery of this flaw underscores the concerning pattern of cybersecurity vulnerabilities in connected vehicles and the urgent need for greater oversight and scrutiny of automaker practices. Kia Motors has yet to respond to requests for comment on the issue.