weather_iconDublin | 8.08 °C | AQI 78
Saturday, 21 December, 2024

---Advertisement---

Auto

Is Your Kia Car At Risk? Hackers Could Access Millions Of Vehicles Using a License Plate!

In a hypothetical attack scenario, a malicious actor could enter a Kia vehicle's license plate number into a custom dashboard, obtain the victim's information, and then, after about 30 seconds, execute commands on the vehicle.

Is Your Kia Car At Risk? Hackers Could Access Millions Of Vehicles Using a License Plate!

Cybersecurity researchers have revealed a series of now-patched vulnerabilities in Kia vehicles that could have provided access and remote control to hackers simply by using a license plate. “These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription,” security researchers Neiko Rivera, Sam Curry, Justin Rhinehart, and Ian Carroll said.

The issues affect almost all vehicles manufactured after 2013 and even allow attackers to secretly access sensitive information such as the victim’s name, phone number, email address and postal address.

---Advertisement---

Basically, this could be misused by the attacker to secretly add themselves as an “invisible” second user of the car without the owner’s knowledge.

Basically, the attacker could abuse this to add themselves as a second “invisible” user in the car without the knowledge of the owner.

---Advertisement---

Millions of Kia Cars Vulnerable to Cyber Attacks

The research says the issues exploit the Kia dealership’s vehicle activation infrastructure (“kiaconnect.kdealer[.]com”) to create a fake account via an HTTP request and then authorise access to generate digital tokens.

The token is then used in conjunction with another HTTP request to a dealership’s APIGW endpoint and a car’s vehicle identification number (VIN) to fetch the vehicle owner’s name, phone number, and email address.

How Hackers Could Unlock Your Kia Car?

Furthermore, the researchers discovered that it is possible to access a victim’s vehicle by simply making four HTTP requests and finally running Internet commands to the vehicle.

  • Generate the dealer token and obtain the “Token” header from the HTTP response using the method above.
  • Obtain the victim’s email address and phone number.
  • Edit the owner’s previous access using the leaked email address and VIN number to add the attacker as the primary account holder.
  • Add the hacker to the victim’s vehicle by adding an email address that they control as the primary owner, which will allow arbitrary commands to be executed.

“From the victim’s side, there was no notification that their vehicle had been accessed nor their access permissions modified,” the researchers pointed out.

“An attacker could resolve someone’s license plate, enter their VIN through the API, then track them passively and send active commands like unlock, start, or honk.”

In a hypothetical attack scenario, a malicious actor could enter a Kia vehicle’s license plate number into a custom dashboard, obtain the victim’s information, and then, after about 30 seconds, execute commands on the vehicle.

Is Your Car Safe in India?

Indians should not panic as this report is currently specific to the US and no proof of such vulnerability has not been found in India. After the revelation in June 2024, Kia patched the shortcomings on August 14, 2024.

“Cars will continue to have vulnerabilities, because in the same way that Meta could introduce a code change which would allow someone to take over your Facebook account, car manufacturers could do the same for your vehicle,” the researchers said.

HISTORY

Written By

Bindiya


Get Breaking News First and Latest Updates from India and around the world on News24. Follow News24 on Facebook, Twitter.

Kia
Related Story

Live News

---Advertisement---


live

Latest LIVE News Trending Today, Real Time Updates: OP Chautala’s Mortal Remains Brought To Teja Khera; Last Rites At 3 PM

Dec 21, 2024
Latest LIVE News Trending Today, Real Time Updates
  • 14:38 (IST) 21 Dec 2024

    Mumbai Boat Accident: Death Toll Rises To 15 After 'Neelkamal' Vessel Collides With Navy Boat

  • 14:36 (IST) 21 Dec 2024

    Rajasthan: Indian Youth Congress Workers Detained In Jaipur

  • 13:15 (IST) 21 Dec 2024

    Russia's Kazan Airport Suspends Flights After Ukrainian Drone Attack: Reports

N24 Shorts Logo

SHORTS

Sports

Heinrich Klaasen’s Net Worth: IPL’s Highest Retained Star – Salary, Stats & Personal Life Revealed!

Heinrich Klaasen is a skillful cricketer known for his adeptness as a wicket-keeper and a swashbuckling batter. Let's see Klaasen's Net Worth, Salary, Stats, and More.

View All Shorts

---Advertisement---

Trending