ArtisticSoul Posted October 1 Share Posted October 1 https://samcurry.net/hacking-kia It is a remarkable era; nonetheless, it is regrettable that yet another carmaker has executed software ineffectively. (or Kia choose to neglect security once again) This particular vulnerability has been addressed and is now regarded as a mere proof-of-concept; nonetheless, the possibility of further problems emerging or being added in the future, as is common with software, remains an open topic. Summary - Inadequate internet security, characterized by insufficient authentication measures, allowed a license plate/VIN to provide access to the door lock, horn, start/stop controls, personal information, and the vehicle's current position. Thus, it is not quite "hacking" in the conventional sense, but it achieves the same outcome! An active Kia Connect membership was not necessary - disable your cellular connection if you own one, individuals! Link to comment Share on other sites More sharing options...
SneakerHead Posted October 1 Share Posted October 1 Intriguing, however the majority of contemporary vehicles include some kind of communication capability with a central system. If it works on one, it is likely to function on others as well. Link to comment Share on other sites More sharing options...
ArtisticSoul Posted October 1 Author Share Posted October 1 The Kia online site had very inadequate security, enabling this occurrence. The researchers are already experimenting with further examples, so it is likely that more may emerge in the future; nonetheless, this instance much surpasses previous prior automotive hacking incidents in terms of foolishness and negligence. Despite the automobile industry's overall deficiencies, Kia should not be excused on the grounds that "others may also be susceptible." Link to comment Share on other sites More sharing options...
ClassicGamer Posted October 1 Share Posted October 1 All individuals are susceptible to hacking and data breaches. Link to comment Share on other sites More sharing options...
ClassicGamer Posted October 1 Share Posted October 1 https://www.bleepingcomputer.com/news/security/toyota-confirms-third-party-data-breach-impacting-customers/ Link to comment Share on other sites More sharing options...
ArtisticSoul Posted October 1 Author Share Posted October 1 This constitutes data loss. The method of data access remains ambiguous, often varying from a significant barrier to entry requiring "actual" hacking to exploitation of a misconfiguration. Still detrimental, however not equivalent to essentially unprotected remote vehicle control. There are further examples of manufacturers failing, such as Mazda's radio supplier neglecting to sanitize inputs from radio stations and GM's Colorado experiencing battery depletion due to OTA updates. The notorious Jeep Cherokee hack required many intricate procedures to implement, however the hackers have more access over the car in that instance than what is afforded via Kia Connect. Link to comment Share on other sites More sharing options...
GadgetGuru Posted October 1 Share Posted October 1 The specifics of how it was "rectified in August" are not disclosed; nonetheless, the hackers effectively duplicated Kia Connect capabilities using their own application, enabling them to manipulate automobiles for which the owner lacked a Connect membership. That is logical, since all vehicles must be "Connect-ready," regardless of whether the features are used. Having spent over 40 years in IT and seeing several transformations as an increasing number of devices became Wi-Fi-enabled for remote access and interaction, I found this piece both intriguing and somewhat unsettling. I am adding this here due to our recent conversations about Connect functionality. Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now