New vehicles are becoming more and more connected, bringing features and technologies that felt like science fiction a few years ago. That level of connectivity comes with considerable risk, however, as cars connected to the internet in any way creates a potential for hacking. While many vulnerabilities require a high level of skill and knowledge to exploit, a team of researchers recently discovered a new, much easier method for gaining access to connected cars.
The team announced that it had found a flaw in one of Kia’s web portals that gave them access to connected features in most of the automaker’s newer vehicles. They were able to exploit the flaw using a custom app to target vehicles and said they could quickly use the cars’ license plates to gain access to their location and other controls. The team could also remotely lock and unlock vehicles, honk their horns, and start the ignition.
Researchers told Kia of the problem in June, and the automaker seems to have closed the hole. It’s the second such vulnerability found in Kia’s systems, but the company is far from the only one at risk. A while back, Toyota’s supplier portal was hacked, giving researchers access to user data and more.
For now, the most significant problems have been found and reported by researchers and people with good intentions, but hackers’ ability to target vehicles and drivers based on license plate numbers, which are publicly visible at any time, should be a wake-up call that more serious problems could be ahead.
[Images: Kia]
Become a TTAC insider. Get the latest news, features, TTAC takes, and everything else that gets to the truth about cars first by subscribing to our newsletter.
