According to reports, hackers were able to gain control of any Kia model made after 2013 with just its license plate. However, the South Korean carmaker is said to have fixed the issue via an update patch.
As per reports, Sam Curry, a security researcher, found that he was able to hack into the brand's connected tech service, "Kia Connect", on virtually every single connected Kia sold in the United States, all within 30 seconds. The cause is apparently a flaw in Kia's application programming interface (API).
Curry reportedly figured out the methods dealers use to assign new cars to owners using Kia's KDealer platform. He then found a flaw in the KDealer API, which allowed him to impersonate a dealership looking to register a customer's car. Then, using the car's license plate, Curry was able to pull the car's VIN, which, coupled with the forged dealer request, allowed him access to the car itself.
Once Curry had access to the car, he could essentially lock/unlock the car and fetch information about the owner, including details like phone number, email ID and location of the vehicle. He could even access the car's cameras remotely, all without the owner ever noticing.
Sam Curry eventually disclosed the flaw to the automaker. Kia's developer managed to rectify the flaw two months later.
Source: InsideEVs