Link: Researchers reported a flaw in Kia's web portal in June that let them track millions of cars, unlock doors, and start engines; Kia seems to have fixed the issue (Andy Greenberg/Wired)

Hacking into cars' systems has evolved from requiring complex tricks to exploiting simple web portal flaws. Researchers identified a security vulnerability in Kia's customer and dealer portal, allowing them to remotely control features of millions of vehicles.

The group demonstrated their hacking technique to WIRED by hijacking a Kia's functionalities, such as tracking, unlocking, and starting the ignition. This was achieved by misusing dealers' extensive control privileges on the web portal.

After reporting the flaw to Kia, the company patched the issue, yet they remained generally unresponsive about a permanent solution. The researchers warn that similar vulnerabilities persist across other carmakers' websites, posing significant risks.

Car hacking incidents are part of a broad issue involving numerous automakers and models. The exploitability of cars' connected features stems largely from their integration with cloud-based services.

The ongoing discovery of these vulnerabilities highlights a lack of focus on web security compared to traditional automotive cybersecurity. Industry experts advocate for a stronger emphasis on securing these increasingly prevalent web interfaces.

As smart features in cars become standard, manufacturers face pressure to reassess and fortify their cybersecurity strategies. This involves possibly delaying product releases to address web security concerns effectively. #

--

Yoooo, this is a quick note on a link that made me go, WTF? Find all past links here.