Hey there, have you heard about the recent security scare with Kia cars? It turns out there was a major vulnerability in the Kia dealer portal that put cars and their owners at risk.
Security Flaw Patched In Kia Dealer Portal
A security researcher named Sam Curry uncovered a serious flaw that could have allowed hackers to take control of Kia vehicles.
By exploiting a loophole in the Kia dealer portal, attackers could use a car’s license plate to access its system. This meant they could do things like unlock the car, start or stop it remotely, and even steal the vehicle without the owner knowing.
The issue affected the domain “kiaconnect.kdealer.com,” which is where dealers register vehicles. Hackers could create a dealer account on this domain and gain access to sensitive information about vehicle owners.
Curry and his team were able to register a dealer account using the same method as registering on Kia’s official website. This allowed them to access the owner’s personal details and make changes to the vehicle’s registration.
After demonstrating the attack in a video, the researchers notified Kia about the vulnerability in June 2024. Kia acted swiftly and patched the flaw by August 2024, securing the affected vehicles.
It’s a reminder of the importance of cybersecurity in today’s connected world. Let us know your thoughts in the comments below!
