Millions of Kia vehicles can be hacked by simply scanning the license plate

Four security researchers managed to gain almost complete control over Kia vehicles, with remote hacking of almost all of the latest models carried out via a mobile connection. To gain access to any car with the Kia Connect remote control function, an application that scans the license plate was sufficient. Researchers claim that such hacking is possible on all Kia models released after 2014.

Image source: Kia

Hackers have found that the newest cars provide more opportunities for cybercriminals. For example, on recent models, Kia has been able to track the car’s location using GPS, start and stop the engine, lock and unlock the doors, activate the headlights and horn, and even connect to 360-degree cameras.

The researchers were also able to gain access to the car owner’s personal information, such as name, email, Kia Connect password, phone number and address. This level of access was possible even if the owner had not activated a Kia Connect subscription. The only limitation that the tool created by the researchers could not overcome was the immobilizer – it was not possible to make the car drive without a key.

The good news is that researchers notified Kia of the vulnerability back in June, and it was fixed in August. The vulnerability was never used to put real people at risk, the hacking application was tested on the cars of friends and relatives of the researchers, and information about the security gap was published only after it was fixed.

What’s alarming is that remote monitoring systems like Kia Connect are now used by virtually every major automaker, selling millions of vehicles every year around the world. These technologies are designed for the convenience and comfort of owners, but they are also an excellent loophole for attackers.