Kia security researchers have discovered several bugs that allow hackers to break into the electronic systems of Ferrari, BMW, Rolls-Royce, Porsche and other automakers, and even unlock and start the cars, BleepingComputer reports.
Researcher Sam Curry revealed that a critical error was also discovered in the Kia portal on June 11, 2024, which allows the car to be controlled remotely within 30 seconds, “regardless of whether it has an active Kia Connect subscription or not.”
Because of these errors, the personal data of vehicle owners, including name, phone number, email address, and place of residence, can also fall into the hands of unauthorized people, and hackers can add themselves as users. To test how a car could be unlocked or locked in a few seconds, the researchers created an account on the kiaconnect.kdealer.com portal, and with it they already had access to the information.
After authentication, they were able to access the car owner's data and, through it, the electronic system controlling the car, as shown below.
It has been shown that fraudsters can use the portal to:
- Access the victim's email address and phone number,
- Modify owner access rights,
- Add an email address provided by the hacker to the victim's car.
If scammers get hold of this information, they can actually enter the vehicle's identification number and then track, unlock, and even start the car without the owner's knowledge.
According to the researchers, this state can continue until “the victim receives a notification that his car has been accessed and his access permissions have not been changed.” According to Sam Curry, this bug has been fixed since June.