Researchers have identified a critical vulnerability in Kia vehicles that allows attackers to gain remote control over essential functions, including locking and unlocking doors and starting the engine, and even to access personal information. The vulnerability, discovered by security researcher Sam Curry, lies in weaknesses in Kia’s online systems and mobile apps, and could be used to compromise a vehicle within 30 seconds using only a license plate number. While Kia has patched the vulnerability, the incident highlights the increasing threat to connected vehicles and the need for robust security measures to protect against remote hijacking and data theft.
Critical vulnerabilities have been discovered in Kia’s dealer portal, potentially exposing millions of vehicles to remote hijacking. These vulnerabilities could allow attackers to remotely control vital car functions, steal car owners’ personal information, and even add themselves as hidden users on the vehicles. The flaws arise from improper handling of user authentication and authorization in the dealer portal, which allows attackers to bypass security measures and gain unauthorized access. Attackers can exploit these vulnerabilities to take control of vehicles, access sensitive information, and potentially even cause physical harm, which poses a significant threat to the safety and security of Kia owners. Urgent patching is recommended for all Kia vehicles and their associated dealer systems to mitigate these critical vulnerabilities.