DayFR Euro

A breach in an internet portal allows millions of cars to be opened and controlled

Hacking a Tesla or any other connected car is nothing new. In general, though, such hacks mainly concern systems connected to the Internet and do not really lead to full control of the vehicle while it is being driven. Although some attempts were successful, they took a lot of time and reverse engineering. And the manufacturers whose flaws were discovered have since corrected the situation… or almost.

Futura explained how hackers were able to remotely hack vehicles from the Ferrari, BMW, Rolls Royce, Mercedes-Benz, or Porsche brands through web portals dedicated to customer relations. Today, it is again through a breach in a portal of the manufacturer Kia that cybersecurity researchers have managed to track millions of the brand's vehicles. They were also able to remotely unlock the doors and even start the engines. More specifically, the vulnerability allowed the remote control features available in the Kia smartphone application for vehicle owners to be reassigned to the researchers.

With his “homemade” application, Sam Curry shows how he can remotely control virtually all Kia brand vehicles marketed since 2013. © Sam Curry

An air of deja vu

Using nothing more than the license plate of a Kia and their own custom application, the researchers were able to achieve this remote control. They could locate the vehicle, unlock it, start the engine or even make it honk the horn. The researchers took care to alert Kia to this flaw in June, and since then the brand seems to have closed it. But this is not the first time that this manipulation has worked. As Futura reported, this vulnerability was already present at the beginning of 2023 among many brands. The matter was revealed by Sam Curry, a security expert, and it is he who has just confirmed that this flaw persists around the manufacturers’ web portals.

As always, it is not possible to access critical driving systems, for example to operate the brakes or steering. On the other hand, this type of process could be used to steal or immobilize targeted cars, or even to blackmail the owner of a car. Indeed, the flaw in the web portal also made it possible to obtain customers’ personal information: their email address, their telephone number, their address and even their travel history. In the end, this recidivism shows once again that cybersecurity remains the weak link in the automotive industry.
