A small group of computer hackers have demonstrated a technique to hack and track millions of vehicles as easily as finding a simple bug in a website.
The magazine WIRED reports security researchers revealed that they’d found a flaw in a web portal operated by the carmaker Kia that let the researchers reassign control of the internet-connected features of most modern Kia vehicles—dozens of models representing millions of cars on the road—from the smartphone of a car’s owner to the hackers’ own phone or computer.
It says by exploiting that vulnerability and building their own custom app to send commands to target cars, they were able to scan virtually any internet-connected Kia vehicle’s license plate and within seconds gain the ability to track that car’s location, unlock the car, honk its horn, or start its ignition at will.
WIRED says that, after the researchers alerted Kia to the problem in June, Kia appears to have fixed the vulnerability but that the patch is “far from the end of the car industry’s web-based security problems”, with the researchers saying that bug is the second of its kind that they’ve reported to the company.
(Picture –