Skip to main content

Imagine the convenience of starting your car remotely through an app, allowing it to warm up during chilly mornings—it’s a taste of the future many of us have eagerly embraced. However, this interconnectedness brings significant security concerns, as recent findings by a team of researchers have highlighted.

The researchers discovered a vulnerability affecting nearly all recent Kia models equipped with Kia Connect. They developed a mobile application capable of scanning license plates to gain remote access to these vehicles. This exploit works on Kia cars dating back to 2014, with newer models revealing even more functionalities. In particular, the app could track a vehicle’s GPS location, remotely start and stop the engine, lock and unlock doors, activate lights and horns, and even access the vehicle’s 360-degree camera views.

Perhaps most alarming is that the tool could retrieve sensitive information about the car owner, including their name, email, Kia Connect password, phone number, and physical address. Disturbingly, these vulnerabilities were exposed even if the vehicle owner wasn’t subscribed to Kia Connect. The only safeguard in place was an immobilizer, which prevents the car from being driven without a key—although there are known methods to bypass such systems.

Fortunately, the security team, led by researcher Sam Curry, alerted Kia to the issue back in June, and the vulnerability was addressed by August, before any real-world harm could occur. Their testing involved only cars belonging to friends and family, as well as those not actively in use at dealerships or rental agencies.

While such an exploit may seem beyond the grasp of an average user, the researchers demonstrated that even someone with basic computer science skills could penetrate the security measures employed by a manufacturer selling millions of cars worldwide. Curry pointed out a chilling possibility: “If someone cut you off in traffic, you could scan their license plate, track their movements, and potentially gain access to their vehicle.” This scenario underscores the responsibility manufacturers hold in safeguarding the security of their vehicles and their owners.