Flaw In Kia's Web Portal Let Researchers Track, Hack Cars (arstechnica.com)
SpzToid shares a report: Today, a group of independent security researchers revealed that they'd found a flaw in a web portal operated by the carmaker Kia that let the researchers reassign control of the Internet-connected features of most modern Kia vehicles -- dozens of models representing millions of cars on the road -- from the smartphone of a car's owner to the hackers' own phone or computer. By exploiting that vulnerability and building their own custom app to send commands to target cars, they were able to scan virtually any Internet-connected Kia vehicle's license plate and within seconds gain the ability to track that car's location, unlock the car, honk its horn, or start its ignition at will.
After the researchers alerted Kia to the problem in June, Kia appears to have fixed the vulnerability in its web portal, though it told WIRED at the time that it was still investigating the group's findings and hasn't responded to WIRED's emails since then. But Kia's patch is far from the end of the car industry's web-based security problems, the researchers say. The web bug they used to hack Kias is, in fact, the second of its kind that they've reported to the Hyundai-owned company; they found a similar technique for hijacking Kias' digital systems last year. And those bugs are just two among a slew of similar web-based vulnerabilities they've discovered within the last two years that have affected cars sold by Acura, Genesis, Honda, Hyundai, Infiniti, Toyota, and more.
cars will be locked down so that an dealer code ne (Score:3)
cars will be locked down so that a dealer code is needed to do
oil change
tire change
light change
---
any repair that needs parts changed
any service at X time or Y miles
Re:cars will be locked down so that an dealer code (Score:5, Insightful)
That won't keep the baddies out though. Like I said in another post, you thought ClownStrike was bad, you haven't seen anything yet. Carpocalypse is only a matter of time, not if, but when. Connecting cars to the Internet is just asking for it.
Re:cars will be locked down so that an dealer code (Score:5, Insightful)
Just imagine if the systems involved with actual driving are compromised! Random braking, steering, acceleration...
Re:cars will be locked down so that an dealer code (Score:5, Interesting)
Kia (Score:2)
Re: (Score:2)
You know, 15-20 years ago, I actually liked them (or Hyundai at least). I wonder what happened inside to give the results that we see.
But as far as the "smartphone on wheels" thing, that particular problem is afflicting every manufacturer. Has me considering getting a motorcycle license, or a kit car. Anything but buying the crap that's on dealer lots.
Re: (Score:2)
Re: (Score:2)
My girlfriend, referenced in a response to the other guy on this thread, was in the market for a new car because some idiot ran a light and t-boned her 2016 stick shift Versa. It was a good, reliable car. Zero problems for the entire time she owned it. Great mileage, acceptable power, and it let her walk away from a really nasty crash with nothing but a headache and a sore neck.
Re: (Score:2)
I used to have a 2002 Elantra GT. For the money, it is hands down the best "driver's car" I ever owned. I have to believe somebody who spent many, many hours behind the wheel of a performance car was told to make a list, then they took the budget you'd dedicate to a pair of roller skates and made a car out of it. It was a five speed standard with cruise control (which at the time was unheard of in cars in its price range). The seats were cheap, but really comfortable. Every control was placed so that a
Re: (Score:2)
I had an 08 Elantra sedan for years. The performance seemed great for an automatic that got 32+ mpg. I would complain about the steering, they had just started with the electronic steering and it felt like Gran Turismo. But the reliability was great and I intended on probably getting the GT for my next vehicle. I've heard good things about the Tiburon and even Accent hatch from the early 2000s as well.
But as far as getting a "Kona" that can be hijacked over Bluetooth, or with a toothpick, that doesn't appea
Re: (Score:2)
I'm with you on that 100%. The only comfort I can offer is that some manufacturers seem dedicated to keeping at least some "old school" models. Right now, Subaru and Mazda seem to be leading the pack in this regard. My girlfriend recently road tested a standard transmission Mazda with me along for the ride. It was a good, solid little car, missing all the garbage you and I found problematic. She eventually settled on a slightly older Toyota Corolla (stick) that had none of it. She's hoping it will las
A flaw in the web piece, not the car per se (Score:2)
Do they have an interior camera? (Score:2)
If you had a Kia... (Score:3)
it was probably stolen already
Re:If you had a Kia... (Score:5, Funny)
Internet connected? (Score:3)
Evidently that didn't stop these from being the 'most stolen and used in subsequent crimes' vehicles.
They needed a "Find my Kia" utility.