[ad_1]
Three researchers discovered a flaw in the computer network of KIA vehicles, which made it possible to track and unlock the car remotely.
Researchers have revealed a flaw – now fixed – in Kia brand vehicles. It allowed you to take control of the vehicle remotely. In the report published at the end of September, cybersecurity experts indicate that “ these attacks could be carried out remotely on the latest KIA brand vehicles in approximately 30 seconds, whether the Kia Connect subscription is active or notn”.
These vulnerabilities affect almost all models produced after 2013, even allowing cybercriminals to discreetly access sensitive information, such as the victim’s name, phone number, email address, and physical address.
The flaw lies in the KIA dealership systems – kiaconnect.kdealer[.]com – used for vehicle activation by sellers. Hackers could create a fake account and then access the vehicle identification number (VIN), to obtain the owner’s name, phone number and email address.
A vehicle opened in a few clicks
During their investigation, the researchers discovered that it was possible to access the internet system of a personal vehicle by sending a few requests. “ An attacker could obtain a person’s license plate from this software, enter their VIN, then passively track the car or even unlock it » we can read in the report.
The experts documented their experience in a video.
On the victim’s side, no notification was sent to indicate that the automobile had been hacked.
After reporting to the manufacturer in June 2024, Kia fixed the vulnerabilities on August 14, 2024. There is no evidence to indicate that these vulnerabilities were exploited for malicious purposes.
[ad_2]
Source link -100