• Millions of Kia cars could have been hacked due to dealer softwar

    From TechnologyDaily@1337:1/100 to All on Fri Sep 27 12:30:05 2024
    Millions of Kia cars could have been hacked due to dealer software portal flaw

    Date:
    Fri, 27 Sep 2024 11:27:00 +0000

    Description:
    The portal was never released so no harm was done, but the risk was enormous.

    FULL STORY ======================================================================

    A vulnerability in a piece of software could have allowed hackers to
    discover, unlock, and start any Kia vehicle built after 2013, experts have warned.

    The news was broken by cybersecurity researcher and bug bounty hunter Sam Curry, previously known for finding similar flaws in 15 million Ferraris, BMWs, Porsches, and other vehicles.

    Curry found a way to grab tokens from the Kia website, which gave him access to a lot of things. After Curry registered an account on the Kia dealership site and logged in, the site gave him a token that allowed him access to
    backend dealer APIs. There, with nothing more than license plate numbers, he was able to find the location of any Kia car built after 2013, unlock it,
    honk, start, or stop it completely.

    Exposing private data

    Furthermore, the token gave him access to plenty of sensitive customer information: full names, phone numbers, email addresses, and postal addresses. Curry was also able to add himself as a second user on any of the vehicles, without the first user knowing.

    "The HTTP response contained the vehicle owner's name, phone number, and
    email address. We were able to authenticate into the dealer portal using our normal app credentials and the modified channel header," Curry said.

    Soon after reporting his findings to the company, Kia patched the hole up: "These vulnerabilities have since been fixed, this tool was never released, and the Kia team has validated this was never exploited maliciously," Curry concluded.

    Ever since software was introduced in personal cars, privacy has been a major pain point. Most car makers, including Toyota and Mercedes, have had data-related incidents in the past.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/millions-of-kia-cars-could-have-been-hacked-due-to-dealer-software-portal-flaw


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)