Thursday, December 5, 2024
HomeCyber Security NewsHyundai, Kia Flaw Lets Attackers Steal Car With a USB Cable

Hyundai, Kia Flaw Lets Attackers Steal Car With a USB Cable

Published on

SIEM as a Service

Car manufacturers Kia and Hyundai have recently taken measures to address concerns over vehicle security following the viral popularity of TikTok videos demonstrating how to easily steal their cars. 

In response, the companies are now offering car owners the option to install steering wheel locks and obtain a software upgrade to enhance the security features of their vehicles.

Last year, a trend known as “Kia Boyz” gained popularity on social media, making popular videos of car thieves taking fun rides in Kia vehicles after breaking into the vehicles. 

- Advertisement - SIEM as a Service

It has been reported that the video clips showing thieves stealing cars have received over 70 million views on TikTok.

New Anti-theft Upgrade Offered

This trend brought attention to the issue of vehicle theft and the potential vulnerabilities of certain car models. A new technology upgrade will soon be available for almost 4 million vehicles as part of a service campaign, with the rollout set to begin on February 14th. 

The upgrade will first be available for over 1 million model-year vehicles and here they are:-

  • 2017-2020 Elantra
  • 2015-2019 Sonata
  • 2020-2021 Venue

In order to ensure timely delivery of the software upgrade to the remaining vehicles affected, the software upgrade is scheduled to be available until June 2023.

This upgrade will be completely free and Hyundai dealers will perform the free upgrade and the installation is expected to take less than an hour.

After the upgrade process is complete, a window decal will be attached to each vehicle to inform potential thieves that the vehicle is now rigged with an advanced anti-theft system.

This measure is designed to deter thieves from attempting to steal the upgraded vehicles, as they will be aware that the new security measures will make it much more difficult to do so.

Here’s what the CEO of Hyundai Motor America, Randy Parker stated:-

“Hyundai is committed to ensuring the quality and integrity of our products through continuous improvement and is pleased to provide affected customers with an additional theft deterrent through this software upgrade.”

“We have prioritized the upgrade’s availability for owners and lessees of our highest-selling vehicles and those most targeted by thieves in order for dealers to service them first.”

Software Upgrade Details

The engine immobilizer is one of the standard safety features installed on all Hyundai vehicles manufactured since November 2021.

However, the upgrade software cannot be installed on some 2011-2022 model-year vehicles that do not have engine immobilizers.

The software upgrade that has been developed for Hyundai and Kia vehicles features standard “turn-key-to-start” ignition systems. So, the upgrade is designed to modify specific vehicle control modules to improve the functionality of the vehicles.

By using the key fob to lock the doors of the vehicle, the factory alarm will be set, and an “ignition kill” feature will be activated. If the vehicle is subjected to the popularized theft mode, then this feature will prevent the vehicle from being started.

In order to deactivate the “ignition kill” feature on the vehicle, customers need to unlock their vehicle with their key fob.

Rollout schedule for the Service Campaign

Here below we have mentioned the complete schedule:-

Phase 1 will start on February 14, 2023, for the following vehicles:

  • 2017-2020 Elantra
  • 2015-2019 Sonata
  • 2020-2021 Venue

Phase 2 will start on June 2023, for the following vehicles:

  • 2018-2022 Accent
  • 2011-2016 Elantra
  • 2021-2022 Elantra
  • 2018-2020 Elantra GT
  • 2011-2014 Genesis Coupe
  • 2018-2022 Kona
  • 2020-2021 Palisade
  • 2013-2018 Santa Fe Sport
  • 2013-2022 Santa Fe
  • 2019 Santa Fe XL
  • 2011-2014 Sonata
  • 2011-2022 Tucson
  • 2012-2017, 2019-2021 Veloster

Network Security Checklist – Download Free E-Book

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

One Identity Named Winner of the Coveted Top InfoSec Innovator Awards for 2024

One Identity named Hot Company: Privileged Access Management (PAM) in 12th Cyber Defense Magazine’s...

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

One Identity Named Winner of the Coveted Top InfoSec Innovator Awards for 2024

One Identity named Hot Company: Privileged Access Management (PAM) in 12th Cyber Defense Magazine’s...

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...