All it took was knowing the license plate, and millions of KIA cars could be hacked in a matter of seconds. And even though all cars have internet connection (we live in the age of technology, it was bound to happen) this shouldn’t be a problem, but quite the opposite. And after surviving the so-called ‘Kia Boys’, a group of “ethical” hackers have shown how these vehicles still have issues and how easy it is to get into them, and they only needed, as we said, the license plate to access it! Terrifying. We’ll explain everything below.
What are ethical hackers?
Also called white hats, they are people with advanced programming knowledge who use their gift to do good, not harm. In these cases, companies hire them so they can find errors and cybersecurity threats, and fix them. In this case, it was Sam Curry and Neiko Rivera who listed Kia’s vulnerabilities.
Connected car… is it a vulnerable car?
More and more vehicles now offer digital services, like locking or unlocking the car from your phone, adjusting the temperature before getting in… But of course, every new feature added to the car is also a welcome mat for a hacker with bad intentions.
How did they manage to hack millions of cars?
It all starts with the portal Kia offers so users can connect their smartphones to the car. From there, they can use remote commands like locking doors, honking the horn, or starting the engine. But Curry and Rivera discovered that it was possible to trick the system into thinking any phone was the owner’s.
Once inside, they had full control of the vehicle. And the most serious part: the hack worked even if the driver had deactivated the car’s connected services.
The solution?
The researchers were clear. As long as that gap existed, the only way to avoid the risk was to remove the vehicle’s SIM card or fully disable the internal modem. A drastic solution that, of course, puts these systems’ reliability into question.
What did Kia say?
After receiving the warning from these hackers, Kia said it had fixed the vulnerability and that it was reviewing its systems to prevent future breaches, but who trusts them now? The problem is that it’s still unclear how many vehicles were vulnerable or if the flaw could have been exploited before it was discovered. The report says practically all Kia models sold in North America could have been affected… since 2014!!! A figure that gives you chills.
But the problem isn’t exclusive to this brand. There have already been similar attacks on other companies, which forces the entire industry to rethink its digital security priorities.
What if it had been other attackers?
Beyond the technical side, this finding has very serious implications: it’s enough to write down a car’s license plate to track it, know where it is, and potentially control it. This opens the door to possible stalking cases, remote theft, and targeted attacks.
In Curry’s words: “if we hadn’t brought this to Kia’s attention, anyone who knew a person’s license plate could have easily harassed them nonstop”. Imagine having an argument with a driver on the road, and that person decides, on impulse, to monitor your vehicle…
Is it worth staying connected?
This case brings back a growing debate: how much control are we willing to give up for convenience? How much privacy are we willing to sacrifice for these new features? Many brands collect driving data and then sell it to third parties, which has already affected insurance prices in some U.S. states.
Maybe, as experts warn, it’s worth rethinking the real usefulness of these connected services, or at least demanding more transparency and security guarantees.
In the meantime, we should be clear that if the car is smart, safety should be smart too, and our security shouldn’t be the last link in the chain.