Home Kia website flaw meant cars could be hacked, say researchers

Kia website flaw meant cars could be hacked, say researchers

Last week, a team of independent security researchers published their discovery of a flaw in the car brand Kia’s web portal. It could be exploited to track and remotely control dozens of models.

Thanks to the vulnerability on the website, the researchers could hack a car in about 30 seconds, just by using its license plate. It did not matter if the car had an active Kia Connect subscription or not.

If the car was connected to the internet, it could have the power to track its location, unlock its door, and start the ignition remotely. The hackers were not able to actually move the vehicles, however, nor could they control the steering and brakes.

They were able to acquire customers’ names, phone numbers, email and home addresses though. Most modern vehicle models made after 2013 were susceptible in some capacity.

The group tested the hacks on rental cars and those owned by friends. It worked every single time.

One of the hackers, Sam Curry, told WIRED: “If someone cut you off in traffic, you could scan their license plate and then know where they were whenever you wanted and break into their car.

“If we hadn’t brought this to Kia’s attention, anybody who could query someone’s license plate could essentially stalk them.”

What has Kia done about the bug?

They alerted Kia to these problems when they discovered them back in June this year. WIRED reports that: “Kia appears to have fixed the vulnerability in its web portal, though it told WIRED at the time that it was still investigating the group’s findings and hasn’t responded to WIRED’s emails since then.”

This isn’t a new problem, nor is it the end for potential car hackings. The same group of researchers discovered other bugs in the last few years, affecting Hondas, Hyundais, BMWs, and more.

As Curry concluded on his blog: “Cars will continue to have vulnerabilities because, in the same way that Meta could introduce a code change which would allow someone to take over your Facebook account, car manufacturers could do the same for your vehicle.”

Feature image credit: Sam Curry

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech, gambling and blockchain industries for major developments, new product and brand launches, AI breakthroughs, game releases and other newsworthy events. Editors assign relevant stories to in-house staff writers with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Freya Deyell
Tech Journalist

Freya Deyell is a freelance journalist based in the UK and a film, media and journalism graduate from the University Of Stirling. Previously she worked in local news at Shetland News. She has covered everything from politics and business to technology and sport. Her writing has also been published in the Scottish Beacon and Somewhere for Us magazine. You can find her work on Muck Rack and follow her on X. In her spare time, she can usually be found baking gluten free treats or playing co-op games with her partner.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.