"Millions of Kia Cars Were Vulnerable to Remote Hacking"

According to security researcher Sam Curry, vulnerabilities in a website dedicated to Kia vehicle owners could have allowed attackers to remotely control millions of cars.  Curry noted that the vulnerabilities could have allowed attackers to gain control of key vehicle functions in roughly 30 seconds, using only the car’s license plate.  Furthermore, the bugs allowed the attackers to harvest the victim’s personal information, such as name, address, email address, and phone number, and to create a second user on the vehicle, without the owner’s knowledge.  The issues were reported to Kia in June 2024.  The carmaker acknowledged the flaws and started working on a fix that was implemented in mid-August.  According to Curry, the vulnerabilities could be exploited to send commands to "pretty much any Kia vehicle made after 2013."

SecurityWeek reports: "Millions of Kia Cars Were Vulnerable to Remote Hacking"