news

kia fixes high-risk vulnerability: affecting millions of vehicles, attackers can locate, open doors, and start engines within seconds

2024-09-28

한어Русский языкEnglishFrançaisIndonesianSanskrit日本語DeutschPortuguêsΕλληνικάespañolItalianoSuomalainenLatina

it house news on september 28th, technology media arstechnica published a blog post yesterday (september 27th), reporting that there is a security vulnerability in kia’s official website, which allows attackers to take control of most cars with internet connectivity in a matter of seconds. including operations such as location tracking, unlocking and opening car doors, sounding the horn, or starting the engine.

after network security expert neiko rivera, nicknamed specters, discovered the above-mentioned vulnerability in june this year, he immediately notified kia. subsequently, kia took it seriously and has now fixed the problem.

“the deeper we dug into it, the more obvious it became that the vehicle’s cybersecurity was very weak,” rivera said.

it house note: this vulnerability does not affect driving systems such as steering wheels or brakes, nor can it bypass the car's anti-theft system, but it can be used to steal items in the car, harass car owners and passengers, and have other privacy and security issues.

additionally, the flaw could have given hackers access to kia customers' personal information, including names, email addresses, phone numbers, home addresses and historical driving directions.

the vulnerability was achieved by exploiting a simple vulnerability in the backend of kia's customer and dealer websites, giving hackers the same permissions as the dealer, allowing them to reassign control of vehicle features to any customer account they created.