Hyundai and Kia car thefts fall sharply after software upgrade, study finds

lemme in@lemm.ee to Technology@lemmy.world – 456 points –
Hyundai and Kia car thefts fall sharply after software upgrade, study finds
cbsnews.com

A social media trend, dubbed the "Kia Challenge," has appeared to compound the automakers' problems in recent years, with people posting videos showing how to steal Hyundai and Kia cars. At its height, the Kia Challenge was linked to at least 14 reported crashes and eight fatalities, according to figures from the National Highway Traffic Safety Administration.

About 9 million vehicles have been impacted by the rash of thefts, including Hyundai Elantras and Sonatas as well as Kia Fortes and Souls. Hyundai and Kia earlier this year agreed to pay $200 million to settle a class-action lawsuit filed by drivers who had their vehicles stolen.

Technology is helping foil car thieves making life miserable for owners of Hyundai and Kia vehicles.

Hyundai and Kia upgraded their cars' anti-theft tech in early 2023. Vehicles equipped with the enhanced software will only start if the owner's key, or an identical duplicate, is in the ignition.

The rate at which the Korean automakers' cars are stolen has fallen by more than half since the companies upgraded their anti-theft software, according to new research from the Highway Loss Data Institute (HLDI). Hyundai and Kia thefts have soared in recent years after criminals discovered that certain car models lacked engine immobilizers — technology that has long been standard in other vehicles.

94

You are viewing a single comment

Hyundai and Kia upgraded their cars' anti-theft tech in early 2023. Vehicles equipped with the enhanced software will only start if the owner's key, or an identical duplicate, is in the ignition.

Fucking.... What? A 2023 anti theft technology upgrade added the space age cutting edge concept of starting the car with... the key?

If my car could start without the key in the bloody ignition I'd be furious, that's what the key is for, haha. You can add extra doohickeys to enhance security, but the first line of defence is the key that starts the car.

Absolute madness.

Watch the channel 5 Kia boys episode. It was really fucking easy to steal kia's n Hyundai's. Took the guy like 30 seconds to do it. You just ripped a piece of plastic off, and jammed a USB cord into the ignition, turned it, and off u went. They encountered one of these updated ones and failed as well.

Warning, the Kia boys are fucking insufferable twats.

https://youtu.be/DJA7jDF7bLE?si=7uoD6USzsuzg0vC2

🤯 this is so fucked up Like, is this cyperpunk coming true?

No this is how every car was stolen prior to the 90s/00s. The "USB cord" is a red herring as the shape of the USB-A port just happens to match the remaining bit of the ignition cylinder once the lock has been removed, but journalists love to hype that part up as if this is some technological attack.

Yeah, u just gotta turn the thing. But the tool of choice by the current gen of thieves is USB 2.x cords because it fit perfectly and is readily available.

I was not talking about the fact of how easy it is to steal, it was more about the society described. Gave me similar feelings like when I watched the first episode of the cyberpunk anime.

always has been. we live in cyberpunk dystopia

Luckily my country is not that far into the cyberpunk transition (yet?) 😮

Keyless start is fucking awesome though, just get in the car and drive. I wouldn't even consider a car without after having one with it. Pretty much all other manufacturers have this in a safe way that doesn't make the cars easier to steal. Its not the keyless start that's the issue, its how they implemented it.

I mean, many new cars don't even have an old school key ignition at all.

A lot of smart key cars are vulnerable to relay attacks. It's not a solved security issue by any means.

Nobody is fucking doing that, though! This isn’t a “oh I will hack this person using a relay attack” attack, it’s some dumb kids breaking into cars using physical measures. They are NOT going to be using a RELAY ATTACK

They are. It’s not incredibly common, but it’s not rare.

My coworker had his car stolen from his driveway. He believes it was a relay attack.

That being said, it’s super easy to mitigate by putting your keys in a metal bin.

AFAIK they're not anymore vulnerable than central locking systems

Yes they are, because keyless listens to the car asking for authorization, so you can amplify the car signal hoping the key is not too far off, and unlock the car without any other work.

What’s more, all keyless cars still have a fob with proximity and if the fob dies, they legally have to have a way to start the car without the fob battery which is why they all have an nfc reader somewhere (usually in a cup holder) so you can put you dead fob on it and the car will start like normal.

1 more...

All keyless start kias and hyundais are/were immune to the Kia boys trick

So what was the exploit then? They could get in to the car without the key?

No engine immobilizer was the ultimate issue. And from what I understand, it was just an issue with models sold in the US, so all this misery was caused by a manufacturer’s cost saving measure.

ETA: To clarify, the cause was a manufacturer’s cost saving measure enabled by the US regulations’ lack of a requirement for engine immobilizers.

Yeah, by breaking the window. Then they rip out the ignition cylinder and turn the electrical switch just like on old cars. They didn't put any kind of electronics into the key to prevent this from happening. Most keys from about 1999+ have an NFC type "chip" in them that prevents the car from starting without a key that is programmed to the car.

Aah, so it actually has absolutely nothing to do with keyless access and driving like most seem to complain about.

Still, it would be cool if they didn't charge hundreds of dollars for a replacement key that costs them a couple bucks.

Til someone uses flipper to clone your key n jack your shit

That’s..not how rolling codes and tight timing requirements work. There are almost zero keyless entry car models that can be unlocked, let alone started, with hardware at the sophistication level of a flipper.

Yeah I did a little homework after I made the comment n realized I was wrong. Didn't get a chance to go back n remove or fix it.

I mainly pushed back because the Flipper Zero is an amazing toy to teach novices young and old about the basics of radios, computing, and cryptography. But they are facing backlash around the world from uneducated, reactionary, “think of the children” mouth breathers and you shouldn’t give those chucklefucks any more ammo in their misinformation belt.

You’re an insane person if you think KIA BOIZ are using a fucking flipper and not opportunistically attacking parked cars hahahaha

That's no different than if you had central locking and a douche nearby (but significantly further away than keyless access and start) to intercept it as you lock/unlock it. Risk of this actually happening to you is so slim, it's not an issue in real life.

1 more...

They were vulnerable because they didn't use chipped keys therefore people could break the ignition cylinder off and rotate the actual switch behind it to start the car. Cars with immobilizers still wouldn't start even if you removed the lock cylinder because the sensor didn't detect the chip. This is basically how most all cars worked prior to the 90s/00s which is where the trope of "using a screwdriver to steal a car" came from.

I'm really curious how they were able to add this in using software alone since you'd need some sort of sensor to detect the key along with keys that have a chip embedded in them.

😄so, my dacia spring can be stolen like that as well? It has one key without even a battery 🤣 (I think) Luckily I live in peaceful Switzerland, so I don’t even have to lock the car overnight..

Edit: it locks the steering wheel if not started, maybe that would be enough?

You might have an immobilizer as no battery is needed in the key, it's just a little chip embedded inside.

As far as the steering wheel lock, I think it can be defeated as well as those were used at least as far back as the 1970s and cars were still stolen then too. I believe people just hammered a screwdriver into the ignition to be able to bypass it.

You should Google your model of car to see if it has an immobilizer.

I see 😁👌🏻 good to know

Yep. No one would have stolen my SAAB anyway, since it was a stick shift, but if someone had tried, they'd have gotten a nasty surprise. On the '80s models the stick shift had a half inch steel pin that locked the gear shift of the car in reverse if a sensor in the ignition didn't sense the key, and tell it to disengage. You could hotwire the car just fine, but I would almost pay to see how you explain to the cops why you're driving down the road in reverse.

I don't know this to be a fact, but we own a Kia targeted by this whole 'challenge' business, and my understanding is that this issue is primarily because remote start was a factory installed feature for most of the generation and the "software update" that enhances security prevents remote starters from working.

I had my Sonata stolen last year. The problem is that, by default, there was neither a key checker nor a steering immobilizer built into the vehicles. These are industry standard features for every car manufacturer... Except Kia and Hyundai. These are required features in every car sold in every Western nation... Except the United States. To have excluded this literal 90s tech from their vehicles when they're so common that no one would ever stop to think about whether their car has them constitutes a serious lie by omission on the part of Kia and Hyundai, in my opinion. If I knew that all you had to do was rip off the ignition and shove something onto a peg to screw off with the car, I would have told the dealer to stick it up his butt.

For those wondering: I had comprehensive insurance, so I was paid the full value of the vehicle after it was totaled. I bought a Toyota Camry with the money and it's a great car. I am never buying Kia or Hyundai cars again and I recommend everyone else avoid them from here on out. Like, if this is what they're willing to do to save $30 per assembled vehicle, what else might be lurking in their newer vehicles that we won't know about until it's too late?

Nope, they just went so fucking cheap that they didn’t even bother verifying the presence of a key to start the car. It’s got nothing to do with technological hacking, it’s just the same basic hot wiring that was pervasive before the invention of computers.

1 more...