Researchers discovered a major flaw in Kia’s North American models, and with the help of these hackers, the brand can fix the issue. For several years now, almost every new car on the market has been connected to the Internet. The connected automobile paradigm delivers numerous benefits, but it also introduces weaknesses. Thus, a gang of ethical hackers has proven this with proof after uncovering a technique to unlock, boot, and even geolocate millions of Kia vehicles in the United States. The fact that these hackers only needed to know the license plate of the vehicle they wanted to cyberattack is perhaps the most concerning aspect.
How can people prevent their Kia from sharing more information than needed?
Thanks to ethical, or white hat, hackers, who utilize their expertise for good by pointing out software flaws before they can be exploited by malevolent actors. Sam Curry and Neiko Rivera are two of the researchers who have told Wired about their findings. According to their admission, the vulnerability was tied to Kia’s online connectivity portal, which allows owners to pair their smartphones with their vehicles and remotely manage functions such as the horn, door lock, or ignition. For the sake of simplicity, these hackers duped Kia’s system into giving them control of a car rather than the legitimate owner. They then took control of all of the remote functionalities offered through the brand’s app.
Also, Curry claims that this would function even if the owner disabled the car’s connected services for privacy reasons. Yes, that could still work. Any car equipped with this remote device can be activated initially, then hijacked afterward. He told Road & Track that the only way around this was to remove the SIM card from the vehicle’s modem or disassemble it. Kia claims to have patched this vulnerability, but they have told Wired that they are still investigating the system for other potential flaws. Almost any Kia car sold in North America from 2014 may have been affected. The work of these hackers is unsettling because of how simple it appears at first glance. They only required the car’s license plate to exploit the flaw.
Curry explains to Wired that if someone bothers you on the road, you can take down their license plate and know where their car is at any time, so you can get in. If we hadn’t brought this to Kia’s attention, anyone with access to a person’s license plate might simply harass them at any time. Moreover, this finding adds to the growing concern about linked cars and their negative consequences. We already know that some manufacturers exploit their connectivity to collect and sell driving data, which is raising auto insurance rates in the United States. This could be another reason not to subscribe to any connected auto service.
Kia has launched a new smart charging offer in the United States
Kia is working on implementing smart charging services gradually in the USA and the Netherlands. Both vehicle-to-home services and unidirectional, grid-serving charging are included in this. Bidirectional charging is another feature Kia plans to introduce to its consumers later this year. In seven states, specifically California, Washington, New York, Florida, Texas, New Jersey, and Illinois, Kia is also launching a vehicle-to-home (V2H) service. This feature enables the Kia EV9 to function as an emergency power source during power outages or as an energy storage device in a smart home ecosystem.
Additionally, the South Koreans have stated that they are collaborating closely with regulatory bodies and will shortly be extending their V2H service to additional locations and automobiles. Kia claims to be working with major utility companies in California to establish a V2G scheme. According to Kia, the new initiatives in the United States are consistent with the strategy of the parent business, Hyundai Motor Group, and signal the beginning of a phased market launch. Throughout this year, Hyundai, its sibling firm, will also launch related services.
