Millions of KIA vehicles could be hacked & tracked due to website bug

Was this actually exploited, or just a possibility stemming from a vulnerability or misconfiguration?
The group who alerted KIA to it didn't indicate whether it was being exploited in the wild or not, but it wasn't a complex exploit either. KIA hasn't commented and refused to respond to Wired, so it appears to be unknown as to that status.
 
Sheer guess: once you are in with any credentials, you can call their API with a key built out of license plate and state and retrieve data. It might not be completely obvious; however, they figured out the pattern, which must be simple.

It requires that you know what you are doing/reading, not like you are using the site as the owner of the car….

Reminds me of that first version of the knock-off Twitter called TruthSocial. Once in, you could get any data you pleased.
 