Vulnerabilities/Malwares

Hyundai and Kia patch a bug that allowed USB cable car thefts.

Published

on

An urgent software update is being released by Hyundai and KIA for a number of their automobile models that have been affected by a straightforward hack that makes it possible to steal them.

The announcement from Hyundai reads as follows: “In response to increasing thefts targeting its vehicles without push-button ignitions and immobilizing anti-theft devices in the United States, Hyundai is introducing a free anti-theft software upgrade to prevent the vehicles from starting during a method of theft popularized on TikTok and other social media channels.”

Since July 2022, videos showing how to remove the steering column cover to reveal a USB-A slot that can be used to hotwire the car have been heavily promoted on TikTok as a “challenge.”

The “turn-key-to-start” system can bypass the immobilizer, which verifies the authenticity of the code in the key’s transponder to the car’s ECU, due to a logic flaw. By using any USB cable, thieves can forcefully activate the ignition cylinder and start the vehicle.

The so-called “Kia Challenge” had such a significant impact that Los Angeles saw a sharp 85 percent increase in thefts from the two brands in 2022, while Chicago saw a ninefold increase.

Yesterday, a post from the National Highway Traffic Safety Administration (NHTSA) explained that the security flaw affects approximately 3.8 million Hyundai automobiles and 4.5 million Kia automobiles.

In addition, the agency stated that these hacks have caused at least eight fatalities and 14 confirmed car crashes.

The two automakers have been collaborating with law enforcement agencies across the United States to provide tens of thousands of steering wheel locks since November 2022, when the software was upgraded. However, a software update is now more effective at resolving the security issue.

Over a million 2017-2020 Elantra, 2015-2019 Sonata, and 2020-2021 Venue vehicles will receive the free software upgrade, which began its rollout yesterday.

The following models will complete the second phase of rollout before June 2023:

The free upgrade will be installed in less than an hour on Hyundai’s official dealers and service network in the United States for the 2018-2022 Accent, Elantra, Elantra GT, Elantra, Genesis Coupe, Kona, Palisade, Santa Fe, Santa Fe XL, Sonata, Tucson, 2012-2017, and 2019-2021 Veloster models. The automaker will notify each eligible vehicle owner individually.

According to the announcement, the software update will alter the “turn-key-to-start” logic to disable the ignition when the owner of the vehicle locks the doors with the genuine key fob. After the upgrade, the key fob must be used to unlock the vehicle before the ignition will turn on.

Additionally, Hyundai will provide its customers with a window sticker that informs potential thieves that the vehicle’s software has been upgraded to prevent the social media-promoted hack, deterring any attempts to steal the vehicle.

Hyundai will cover the cost of steering wheel locks for owners of models that do not have engine immobilizers and cannot receive the software upgrade for the problem.

KIA has also stated that it will soon begin the rollout of its software upgrade; however, the company has not yet made any announcements that provide specific dates or specifics.

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending

Exit mobile version