Jump to content
  • Hyundai, Kia patch bug allowing car thefts with a USB cable

    Karlston

    • 516 views
    • 3 minutes
     Share


    • 516 views
    • 3 minutes

    Automakers Hyundai and KIA are rolling out an emergency software update on several of their car models impacted by an easy hack that makes it possible to steal them.

     

    "In response to increasing thefts targeting its vehicles without push-button ignitions and immobilizing anti-theft devices in the United States, Hyundai is introducing a free anti-theft software upgrade to prevent the vehicles from starting during a method of theft popularized on TikTok and other social media channels," reads Hyundai's announcement.

     

    The car hack has been heavily promoted on TikTok as a "challenge" since July 2022, with videos showing how to remove the steering column cover to reveal a USB-A slot that can be used to hotwire the car.

     

    The issue lies in a logic flaw that allows the "turn-key-to-start" system to bypass the immobilizer that verifies the authenticity of the code in the key's transponder to the car's ECU. This allows thieves to forcibly activate the ignition cylinder using any USB cable to start the vehicle.

     

    The impact of the so-called "Kia Challenge" was so significant that in Los Angeles, the two brands had a steep 85% increase in thefts in 2022 compared to the previous year, while Chicago reported a nine-fold rise for the same.

     

    The United States Department of Transportation (NHTSA) published a post yesterday explaining that the security flaw impacts approximately 3.8 million Hyundai vehicles and 4.5 million KIA cars.

     

    The agency also stated that these hacks have resulted in at least 14 confirmed car crashes and eight fatalities.

    Software upgrade underway

    Since November 2022, the two car brands have been working with law enforcement agencies across the United States to provide tens of thousands of steering wheel locks. Still, a software update will now better solve the security problem.

     

    The software upgrade will be provided free of charge for all impacted vehicles, with the rollout starting yesterday to more than 1 million 2017-2020 Elantra, 2015-2019 Sonata, and 2020-2021 Venue cars.

     

    The second rollout phase will be completed until June 2023 and will be for the following models:

     

    • 2018-2022 Accent
    • 2011-2016 Elantra
    • 2021-2022 Elantra
    • 2018-2020 Elantra GT
    • 2011-2014 Genesis Coupe
    • 2018-2022 Kona
    • 2020-2021 Palisade
    • 2013-2018 Santa Fe Sport
    • 2013-2022 Santa Fe
    • 2019 Santa Fe XL
    • 2011-2014 Sonata
    • 2011-2022 Tucson
    • 2012-2017, 2019-2021 Veloster

     

    The free upgrade will be installed on Hyundai's official dealers and service network in the U.S. and will take less than an hour. Eligible car owners will be notified by the carmaker individually.

     

    The announcement explains that the software upgrade will modify the "turn-key-to-start" logic to kill the ignition when the car owner locks the doors using the genuine key fob. After the upgrade, the ignition will only activate if the key fob is used to unlock the vehicle.

     

    Hyundai will also supply its customers with a window sticker that makes it clear to aspiring thieves that the car's software has been upgraded to neutralize the social-media-promoted hack, discouraging any attempts.

     

    For models with no engine immobilizers that cannot receive the fixing software upgrade, Hyundai will cover the cost of steering wheel locks for their owners.

     

    KIA has also promised to start the rollout of its software upgrade soon but has not released any announcements with specific dates or details yet.

     

     

    Hyundai, Kia patch bug allowing car thefts with a USB cable


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...