According to Bloomberg, Videos about the so-called Kia Challenge show mostly teenagers giving instructions on how to unlock certain models of Kia and Hyundai cars. By inserting a USB cable into a broken steering column, TikTok videos show, thieves can hotwire an engine – much like the way that screwdrivers typically come in handy for the same reason. The thefts are possible because some makes of Kia and Hyundai vehicles don’t include anti-theft computer chips in their key systems. The trend is shaping up to be a watershed moment in automotive security.
Jake Moore, ESET’s security specialist commented:
Internet and social media are influencing both the physical and online security of today’s cars. While in the past, obscure skills and knowledge were needed to break into and start a car, today, thieves and anyone else can easily find all that info online and sometimes even on social media – demonstrated by the so-called “Kia challenge”. However, with a growing number of new internet-connected cars, these rather simple real-world approaches can be superseded by cyberattacks that allow for theft on a mass scale.
Several white hat hackers have already found vulnerabilities in smart cars that allowed them to start them, sound their horns, or flash their lights – all done remotely or from close vicinity. Looking at the potential future, technically proficient thieves might be able to use such approaches to steal a whole “fleet” of smart cars in a very short time frame. Unfortunately, there is only little car owners can do about cybersecurity of their vehicles. Apart from class lawsuits based on already happening attacks, users can only hope for governmental regulation that will push car manufacturers to improve security of their products and patch any reported vulnerabilities as quickly as possible.