When purchasing a new car, buyers often have a myriad of questions. However, one question that may not cross their minds is whether their vehicle could be remotely controlled by an attacker using just their license plate information.
Surprisingly, millions of Kia vehicles were vulnerable to such attacks until mid-August, when the automaker addressed a security flaw that allowed unauthorized access. Independent security researchers brought this issue to Kia’s attention.
Remote Control of Kia Cars & SUVs
This vulnerability is part of a series of flaws discovered by the researchers, raising concerns about the susceptibility of modern connected vehicles to cyberattacks.
In a report dated September 26, independent researcher Sam Curry disclosed his findings on the Kia vulnerability, which stemmed from previous discoveries of flaws in vehicles from various manufacturers.
The researchers demonstrated how these vulnerabilities could be exploited to remotely control various functions of the vehicles, posing significant security risks.
An Issue With Automotive API Protocols
The security flaw discovered by Curry and his team was related to the API protocols used for Internet-to-vehicle commands on Kia vehicles, highlighting the importance of secure communication channels.
By exploiting dealer APIs, the researchers could access sensitive vehicle data and manipulate key functions remotely, underscoring the critical need for stronger authentication methods in connected cars.
A Troubling Pattern of Cars’ Cyber Insecurity
The Kia hack further heightens concerns surrounding connected vehicles, emphasizing the need for stronger oversight and scrutiny of automaker practices to protect consumer data and privacy.
As vulnerabilities in connected vehicles persist, there is a growing urgency for automakers to prioritize cybersecurity measures and address the systemic flaws that leave vehicles open to exploitation.