The comical part was that anyone could go through a completely vanilla registration workflow and become a registered dealer. What the hell were they thinking?
Flaw in Kia’s web portal let researchers track, hack cars
Submitted 1 month ago by return2ozma@lemmy.world to technology@lemmy.world
https://arstechnica.com/cars/2024/09/flaw-in-kia-web-portal-let-researchers-track-hack-cars/
Comments
futatorius@lemm.ee 1 month ago
scytale@lemm.ee 1 month ago
I was gonna say they still need the fob for the car to actually drive it, but saw it mentioned in the article. I don’t have a Kia (used to, but traded it in because of the immobilizer shit), but my car right now has an app to remote-start, but the car itself won’t let you drive it if you don’t have the fob on you while sitting in the driver’s seat.
The group’s web-based Kia hacking technique doesn’t give a hacker access to driving systems like steering or brakes, nor does it overcome the so-called immobilizer that prevents a car from being driven away, even if its ignition is started. It could, however, have been combined with immobilizer-defeating techniques popular among car thieves or used to steal lower-end cars that don’t have immobilizers.
futatorius@lemm.ee 1 month ago
2FA where one of the factors is Bluetooth to the fob might be OK.
kusivittula@sopuli.xyz 1 month ago
internet connection is not a thing a car should even have
jqubed@lemmy.world 1 month ago
They can bring some nice benefits like remote starting in cold (or hot) climates, but there needs to be much better design to minimize the exploitability of these systems.
futatorius@lemm.ee 1 month ago
It’s not a thing a car should require, and even for nice-to-have value-add features, it should be tightly secured, not only from external access but from the manufacturer.