For a while there, come on And Hyundai “Not a week goes by without owners getting some good news about their cars.” Security. This time, a bug with Kia’s web portal allowed white-hat ethical hackers to gain access to millions of vehicles and remotely control their Internet-connected features. And before you reach into your late-model Kia and delete every connected app, know that the automaker has released a patch to address the security vulnerability. Your vehicle will not start on its own. For now.

As Wired According to the report, a group of independent security researchers alerted Kia to the issue in June. The security vulnerability was related to the Kia Connect owner portal. Infotainment and a telematics service that allows remote access to certain features. Many automakers offer similar connectivity apps for vehicles equipped with advanced telematics systems, all of which feature “Connect” or “Link” in their names.

hqdefault

Researchers found they could hijack any connected Kia vehicle within 30 seconds by scanning the vehicle’s license plate. This enabled him to control the locks, sound the horn, track his location and activate the remote start feature.

gave Cyber ​​attacks However, it does not allow access to driving-related systems, such as brakes or steering, or the engine immobilizer ( Viral Hyundai Group headache). But there’s almost always a loophole, and inquisitive criminals can combine remote hacking with in-car security breaches. Car theft. Or, maybe it’s not about the car in the first place but identity theft. A vehicle owner, with a security violation Personal Information is up for grabs.

“The more we looked into it, the more it became clear that web security for vehicles is very poor,” said Nico Rivera, one of the car telematics researchers and a former Raven employee. “Over and over again, these one-sided issues keep coming up,” added Sam Currie, another member of the research group. “It’s been two years. There’s been a lot of work done to fix this problem, but it still feels really broken.

The group has actually worked on its own security research for the past few years, with another Kia security flaw discovered last year. But his research has less to do with Kia and more with connected car security as a whole. In June, the group learned it could gain access. Lexus And Toyota Vehicles similar to what he did with Kias. However, in January 2023, the group released a massive report that affected a number of automakers, including Acura, BMW, The fugitive, birth, Honda., Infinity, Mercedes-Benz, Nissanand Rolls Royce. After confirming initial results from multiple tests, the group always shares the hacking technique with the automaker.

And so it is The Internet of Things. Convenience is appealing and, let’s face it, a big marketing sell. But at what cost? Is your personal information being used to track you when you cut someone off in traffic, are a left-lane hogger, or are they having a bad day and you’re in their way? Losing control of your vehicle, whether just to keep the climate control or power windows on? The World Wide Web is still the Wild, Wild West.

During his time at Rivian, Rivera found that automakers focused more on “embedded” devices, things connected to the cloud in non-traditional computer environments, as opposed to cybersecurity for two less technical reasons: time and money.

“From the moment I started, it was clear that there was a clear distinction between embedded security and web security in the auto industry,” Rivera said. “These two things often go hand in hand, but people only have experience in one or the other.”

You can learn more about the group’s recent Kia hacking research. Here And about the massive hack from January 2023 Here.



Source link