A critical web vulnerability in a car manufacturer's system has exposed millions of vehicles to potential hacking and tracking. Security researchers found that by exploiting a simple bug in Kia’s web portal, hackers could remotely control key features like unlocking doors, starting engines, and tracking vehicles’ locations using just a license plate number.
This is the second such vulnerability that’s been discovered in Kia’s systems in two years. Similar flaws affecting vehicles from other major brands like Honda, Hyundai, Toyota, and more, have also been identified.
Neiko Rivera, one of the lead researchers, pointed out the state of web security in the auto industry, noting that "web security for vehicles is very poor" and that supposed once-off security issues keep resurfacing. Another researcher, Sam Curry, voiced frustration with the slow progress being made to address these concerns, remarking that while there have been attempts to fix the problem, it remains "broken."
This raises serious concerns about the automotive industry’s web security, as these flaws make vehicles susceptible to theft, harassment, and privacy breaches.
Experts warn that, despite some fixes, the security of internet-connected vehicles remains dangerously inadequate, with more vulnerabilities likely to emerge.
The incident highlights the growing need for stricter web-based security measures in modern vehicles to protect consumers from cyber threats.