Kia’s Vulnerability Exposes the Threat of Vehicle Hacks
A group of hackers revealed a threatening security vulnerability in Kia’s web portal which could’ve allowed unauthorized parties to indulge in vehicle hacks to unauthorized parties, according to WIRED.
This vulnerability, exclusively shared with WIRED, raises serious concerns regarding modern cars’ internet-connected features.
A Flaw with a Serious Impact
The vulnerability in Kia’s web portal allowed researchers to take control of various features in modern Kia cars, enabling vehicle hacks where the hackers were able to shift control of internet-connected functions from a car owner’s smartphone to their own devices.
This made it possible to track the car’s location, unlock doors, honk the horn, and even start the engine.
During an interview with WIRED, Neiko “specters” Rivera, one of the researchers said, “The more we’ve looked into this, it’s very obvious that web security for vehicles is very poor.”
The vulnerability was easy to access to the extent that the car hackers could try their hack technique on Kia rentals and dealerships, and it still worked, which means that vehicle hacking could be done easily.
“It’s really simple,” Rivera said. “They weren’t checking if a user is a dealer, and that’s kind of a big issue.”
This Is Not the Only Issue
This is not the only vulnerability found. They had pointed out a similar bug in Kia last year, but the problem remains significant in the auto industry. However, Kia is the only automaker facing car software hack. In the last two years, similar vulnerabilities were identified within vehicles from Honda, Hyundai, and Toyota, among many others streamlining the process of autonomous vehicles hacking.
This incident highlights a recurring pattern of web-based vulnerabilities across many car manufacturers, demonstrating that few are taking adequate steps to properly secure their systems.
The lack of security measures leaves millions of vehicles at risk, raising concerns about the industry’s overall preparedness to protect modern cars from such threats.
While this vulnerability couldn’t allow hackers to compromise driving systems, such as steering or brakes, it still had many other possible harmful usages, tracking the location of a car, stealing personal information from a hacked car, or even breaking into the vehicle in some cases, leading to theft or an violation of privacy.
“If somebody cut you off in traffic, you could scan their license plate and then know where they were whenever you wanted and break into their car,” Sam Curry one of the team members said, adding that for some Kia models with 360-degree cameras hackers would have unlocked even live video feeds-another level of concern altogether.
After the vulnerability was disclosed to Kia last June, the company updated its web portal to apparently block the hacking technique. The researchers believe that much more needs to be done to generally improve web security across the car industry, as the risk of hacking vehicles is growing.
Kia also didn’t give a detailed response, and while acknowledging the issue, said that the investigation was ongoing.
A New Threat Invading the Industry
The vulnerability points to a growing problem within the auto industry. As car manufacturers implement more and more smart features in their cars to appeal to consumers, they sometimes create more potential risks vehicle hacks.
Stefan Savage, a professor of computer science at UC San Diego, told WIRED, “Once you have these user features tied into the phone, this cloud-connected thing, you create all this attack surface you didn’t have to worry about before.”
The researchers hope their findings going public will make car manufacturers take web security more seriously, emphasizing that previous hacking autonomous vehicles incident pushed some automakers to take into considerations cybersecurity and privacy issues.
Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Tech sections to stay informed and up-to-date with our daily articles.