Researchers Gained Control of Some Kia Models Using License Plate Numbers and a Simple Hack

Chris Teague
by Chris Teague

New vehicles are becoming more and more connected, bringing features and technologies that felt like science fiction a few years ago. That level of connectivity comes with considerable risk, however, as cars connected to the internet in any way creates a potential for hacking. While many vulnerabilities require a high level of skill and knowledge to exploit, a team of researchers recently discovered a new, much easier method for gaining access to connected cars.

The team announced that it had found a flaw in one of Kia’s web portals that gave them access to connected features in most of the automaker’s newer vehicles. They were able to exploit the flaw using a custom app to target vehicles and said they could quickly use the cars’ license plates to gain access to their location and other controls. The team could also remotely lock and unlock vehicles, honk their horns, and start the ignition.


Researchers told Kia of the problem in June, and the automaker seems to have closed the hole. It’s the second such vulnerability found in Kia’s systems, but the company is far from the only one at risk. A while back, Toyota’s supplier portal was hacked, giving researchers access to user data and more.

For now, the most significant problems have been found and reported by researchers and people with good intentions, but hackers’ ability to target vehicles and drivers based on license plate numbers, which are publicly visible at any time, should be a wake-up call that more serious problems could be ahead.


[Images: Kia]


Become a TTAC insider. Get the latest news, features, TTAC takes, and everything else that gets to the truth about cars first by subscribing to our newsletter.

Chris Teague
Chris Teague

Chris grew up in, under, and around cars, but took the long way around to becoming an automotive writer. After a career in technology consulting and a trip through business school, Chris began writing about the automotive industry as a way to reconnect with his passion and get behind the wheel of a new car every week. He focuses on taking complex industry stories and making them digestible by any reader. Just don’t expect him to stay away from high-mileage Porsches.

More by Chris Teague

Comments
Join the conversation
2 of 13 comments
  • Slavuta Slavuta on Oct 01, 2024
    Can they remotely push the clutch to start the 3-pedal car?.... get manual
  • Bd2 Bd2 on Oct 01, 2024
    I wouldn't be surprised if Toyota funded this kind of research in some pathetic effort to slow Kia's meteoric rise to the top of the market. South Korea is a vertically synergized country where companies cooperate in concert with the central government to spread the South Korean culture to the world and wash away all of the Japanese influences over the past decades. BTS, LG , Samsung, Hyundai, Kia, Genesis are the most respected and trusted brands anywhere. What a lowlife godless tactic.
  • SCE to AUX 61, wife is 59, Pittsburgh area. Erie Insurance for 35 years: 19 Ioniq EV ($628/yr), 22 Santa Fe ($646/yr). Very affordable for good coverage. I wonder how much insurance companies (not Erie) spend on advertising, and how many people are ready to jump, constantly shopping around. Must be worth it for the insurers and their new customers.
  • ToolGuy Don't ask me about my business, Kay.
  • ToolGuy TG has followed the rules for awhile now. It might be time for a change.
  • MrIcky 14 challenger rt and 22 gladiator rubicon comp/coll + extra equipment rider, 10medpay 100 um/uim and 250/500 liab inj 250 liab prop which was smallest i could take out to get an umbrella is 165/mo combined. +37/mo for a KTM 690. My wife and I are in 50s in idaho with clean records
  • ToolGuy Age fine, mileage fine, make good, model no way.
Next