Car safety: Kia Challenge and Hyundai Key found on the web

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,259
Software security in cars – a hot topic. On platforms such as TikTok, a trend known as the Kia Challenge or Kia Boys is celebrating a happy new era – the aim is to steal vehicles from Kia or Hyundai using a USB stick. And I came across the next sloppiness: A blogger searching the web found the private keys for software
Kia Challenge, stole a car
In the US, police got on the trail of a strange occurrence: in St. Petersburg in Florida, 56 cars were stolen in July, according to this tweet. 23 of them belonged to the brands Kia and Hyundai. 41 percent of car thefts to two brands belonging to the same group? In Milwaukee, it was as high as 66 percent, as you can read here.

Apparently, the current Kias can be broken into through the rear window without setting off an alarm. After that, the thieves, who are usually underage, simply break into the vehicle using a USB cable, which is plugged into a socket in the steering column after the trim has been torn off, and go on joyrides. These are then filmed and shared on platforms such as YouTube and Tiktok.
Private key from Hyunday found on the Internet
Access to the vehicle software of passenger cars, e.g. for updates, is protected by a digital signature to prevent unauthorized persons from tampering. The private key for signing is kept well protected by the manufacturers – no one can get at it. Because anyone who has the private key can sign software with the public key. A password provides maximum protection against misuse.

One software developer bought a 2021 Hyundai Ioniq SE in the summer of 2021, a fuel-efficient hybrid vehicle with features like wireless Android Auto/Apple CarPlay, wireless phone charging, heated seats and a sunroof. As interested developers should, he began playing and experimenting with the infotainment system. In this blog post, he describes how he was able to crack the firmware of the infotainment system. In the process, he also came across a private key in files he had downloaded from the Internet (from this Hyundai MOBIS open source site), and was able to extract by brute-force cracked password.
 

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,464

Comfort and convenience include vulnerability. Even if it's a bit cumbersome, I think the old-fashioned way of turning the key to lock and start is more reliable.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top