09/30/2024

Thanks to a Simple Website Bug, Millions of Vehicles Could be Hacked and Tracked

Researchers found this flaw in a Kia web portal

In the past, when security researchers found ways to hijack vehicles' internet-connected systems, their proof-of-concept demonstrations tended to show, thankfully, that hacking cars is hard. Exploits like the ones that hackers used to remotely take over a Chevrolet Impala in 2010 or a Jeep in 2015 took years of work to develop and required ingenious tricks: reverse engineering the obscure code in the cars' telematics units, delivering malicious software to those systems via audio tones played over radio connections or even putting a disc with a malware-laced music file into the car's CD drive.

This summer, one small group of hackers demonstrated a technique to hack and track millions of vehicles that’s considerably easier—as easy as finding a simple bug in a website.

Today, a group of independent security researchers revealed that they'd uncovered a flaw in a web portal operated by the carmaker Kia that let the researchers reassign control of the internet-connected features of most modern Kia vehicles—dozens of models representing millions of cars on the road—from the smartphone of a car’s owner to the hackers' own phone or computer.

Please select this link to read the complete article from WIRED.