Flaw In Kia's Web Portal Let Researchers Track, Hack Cars (arstechnica.com) 7
SpzToid shares a report: Today, a group of independent security researchers revealed that they'd found a flaw in a web portal operated by the carmaker Kia that let the researchers reassign control of the Internet-connected features of most modern Kia vehicles -- dozens of models representing millions of cars on the road -- from the smartphone of a car's owner to the hackers' own phone or computer. By exploiting that vulnerability and building their own custom app to send commands to target cars, they were able to scan virtually any Internet-connected Kia vehicle's license plate and within seconds gain the ability to track that car's location, unlock the car, honk its horn, or start its ignition at will.
After the researchers alerted Kia to the problem in June, Kia appears to have fixed the vulnerability in its web portal, though it told WIRED at the time that it was still investigating the group's findings and hasn't responded to WIRED's emails since then. But Kia's patch is far from the end of the car industry's web-based security problems, the researchers say. The web bug they used to hack Kias is, in fact, the second of its kind that they've reported to the Hyundai-owned company; they found a similar technique for hijacking Kias' digital systems last year. And those bugs are just two among a slew of similar web-based vulnerabilities they've discovered within the last two years that have affected cars sold by Acura, Genesis, Honda, Hyundai, Infiniti, Toyota, and more.
After the researchers alerted Kia to the problem in June, Kia appears to have fixed the vulnerability in its web portal, though it told WIRED at the time that it was still investigating the group's findings and hasn't responded to WIRED's emails since then. But Kia's patch is far from the end of the car industry's web-based security problems, the researchers say. The web bug they used to hack Kias is, in fact, the second of its kind that they've reported to the Hyundai-owned company; they found a similar technique for hijacking Kias' digital systems last year. And those bugs are just two among a slew of similar web-based vulnerabilities they've discovered within the last two years that have affected cars sold by Acura, Genesis, Honda, Hyundai, Infiniti, Toyota, and more.
cars will be locked down so that an dealer code ne (Score:1)
cars will be locked down so that an dealer code is need to do
oil change
tire change
light change
---
any repair that needs parts changed
any service at X time or Y miles
Re: (Score:3)
That won't keep the baddies out though. Like I said in another post, you thought ClownStrike was bad, you haven't seen anything yet. Carpocalypse is only matter of time, not if, but when. Connecting cars to the Internet is just asking for it.
Re: (Score:2)
Just imagine if the systems involved with actual driving are compromised! random braking, steering, acceleration...
Kia (Score:2)
A flaw in the web piece, not the car per se (Score:2)
Do they have an interior camera? (Score:2)
If you had a Kia... (Score:2)
it was probably stolen already