An emergency software update was released for Hyundai and KIA cars, as some models could be hacked and stolen using a USB cable due to a bug. The fact is that last year this problem became viral on TikTok, where users demonstrated car thefts as part of the challenge.
Let me remind you that we also wrote that Volkswagen reports data breach affecting over 3.3 million Audi owners, and also that Mazda’s infotainment systems shut down after listening to a radio station in Seattle.The media also reported that Hackers Who Sold Car Hacking Tools with Keyless Entry Arrested.
Last summer, American law enforcement officers faced a strange problem: teenagers massively stole other people’s cars. It got to the point that in Minnesota, the number of car crimes related to KIA cars increased by 1300%.
A similar situation was recorded in other states: for example, in Los Angeles, the number of thefts of Hyundai and KIA increased by 85% compared to the previous year, and in Chicago the same figure jumped nine times.
As it turned out, the root of this problem lay in the popular TikTok challenge. Then, information was widely disseminated on social networks about how, using a screwdriver and a USB cable connected to a specific connector in a car, you can start the engine of many Hyundai and KIA models without a key.
In essence, the bug was a logical error that allowed the turn-key-to-start system to bypass the immobilizer, which verifies the authenticity of the key transponder code in the car’s ECU. This eventually allowed the hijackers to forcibly activate the ignition using any USB cable and to start the engine.
According to information now released by the National Highway Safety Administration (NHTSA), the vulnerability affects approximately 3.8 million Hyundai vehicles and 4.5 million KIA vehicles. The agency also said that break-ins and car thefts for the TikTok challenge provoked at least 14 confirmed accidents, and eight people died.
Representatives of both car brands have been actively cooperating with US law enforcement since November 2022, in particular, by providing them with tens of thousands of steering locks. But now, thanks to a software update, the vulnerability will be permanently eliminated.
The update will change the logic of the turn-key-to-start system to turn off the ignition when the car owner locks the doors using the original key fob. And the ignition will be activated only if the same key fob is used to unlock the car.
The update will be provided free of charge to all affected vehicles, and patch rollout has already begun, with nearly one million 2017-2020 Elantra, 2015-2019 Sonata and 2020-2021 Venue models receiving updates.
The second phase of the update will be completed by June 2023 and will affect the following models:
- 2018-2022 Accent;
- 2011-2016 Elantra;
- 2021-2022 Elantra;
- 2018-2020 Elantra GT;
- 2011-2014 Genesis Coupe;
- 2018-2022 Kona;
- 2020-2021 Palisade;
- 2013-2018 Santa Fe Sport;
- 2013-2022 Santa Fe;
- 2019 Santa Fe XL;
- 2011-2014 Sonata;
- 2011-2022 Tucson;
- 2012-2017, 2019-2021 Veloster.
It is reported that updates will be installed at authorized dealers, and it will take less than an hour. Moreover, the owners of the affected car models are promised to be notified of the need to install the patch on an individual basis.
For owners of cars without immobilizers who can’t get the update, Hyundai promises to cover the cost of the steering wheel lock.
Hyundai also says that it will provide its customers with special glass stickers that will immediately make it clear to novice car thieves that the software of this car has already been updated, and it is useless to try to hack it for the sake of likes and views on TikTok.
Representatives of KIA also promised to begin rolling out the patches soon, but have not given any specific dates or details yet.
