Get the latest tech news
Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug
Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.
When the researchers sent commands directly to the API of that website—the interface that allows users to interact with its underlying data—they say they found that there was nothing preventing them from accessing the privileges of a Kia dealer, such as assigning or reassigning control of the vehicles' features to any customer account they created. In January 2023, they published the initial results of their work, an enormous collection of web vulnerabilities affecting Kia, Honda, Infiniti, Nissan, Acura, Mercedes-Benz, Hyundai, Genesis, BMW, Rolls Royce, and Ferrari—all of which they had reported to the automakers. The extraordinary number of vulnerabilities in carmakers' websites that allow remote control of vehicles is a direct result of companies' push to appeal to consumers—particularly young ones—with smartphone-enabled features, says Stefan Savage, a professor of computer science at UC San Diego whose research team was the first to hack a car's steering and brakes over the internet in 2010.
Or read this on Wired/cdn.vox-cdn.com/uploads/chorus_asset/file/23267910/jtuohy_220222_5043_0004.jpg)
