There for a while, Kia and Hyundai owners couldn’t go a week without receiving some not-so-good news about their cars’ security. This time, a bug with Kia’s web portal allowed white-hat ethical hackers to access millions of vehicles and remotely control their internet-connected features. And before you run out to your late-model Kia and delete every connected app, know that the automaker has created a patch to fix the security vulnerability. Your car will not start on its own. For now.
As Wired reports, a group of independent security researchers informed Kia of the issue in June. The weak security was related to the Kia Connect owner’s portal, an infotainment and telematics service that allows remote access for certain features. Many automakers offer a similar connectivity app for vehicles equipped with advanced telematics systems, all of which feature “connect” or “link” in their names.
The researchers found they could hijack any connected Kia vehicle within 30 seconds by simply scanning the vehicle’s license plate. This enabled them to control the locks, honk the horn, track its location, and activate the remote start feature.