In June of 2024 security researchers uncovered a set of vulnerabilities in the Kia dealer portal that allowed them to remotely take over any Kia vehicle built after 2013—and all they needed was a license plate number.
According to the researchers: “These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription.” How was this possible?
Read more…
Source: Malwarebytes Labs
Related:
- Nissan says Red Hat breach affected thousands of customers
December 23, 2025
Japanese car giant Nissan has confirmed losing sensitive data on thousands of people as a result of a third-party supply chain attack. In a press release, the company said the recent attack on Red Hat affected its customers, as well, as the latter was commissioned by Nissan to develop a customer management system for one of ...
- God Mode On: How Kaspersky attacked a vehicle’s head unit modem
December 16, 2025
Kaspersky researchers conducted a security assessment of a modern System-on-Chip (SoC), Unisoc UIS7862A, which features an integrated 2G/3G/4G modem. This SoC can be found in various mobile devices by multiple vendors or, more interestingly, in the head units of modern Chinese vehicles, which are becoming increasingly common on the roads. The head unit is one of ...
- ENBANTEC Cyber Security Conference and Exhibition will be held on 12 May 2026 in Istanbul, Turkey
November 28, 2025
ENBANTEC is a global conference which is one of the most important and prestigious conferences in EMEA region with its focus on Cyber Security, IT Security, Network Security, Data Security, Cloud Security, Mobile Security, Endpoint Security and Identity and Access Management. With 185+ attendees, 40+ speakers, ENBANTEC 2025 Conference was organized very successfully. An intensive ...
- Hyundai IT services breach could put 2.7 million Hyundai, Kia owners in the US at risk
November 7, 2025
Hyundai AutoEver America (HAEA), the carmaker’s IT-services subsidiary servicing the North American region, has confirmed suffering a cyberattack and lost sensitive customer data as a result. In a data breach notification letter recently sent out to affected individuals, HAEA explained that the attack began on February 22, 2025, and lasted until March 2, when the attackers ...
- Jaguar Land Rover hack is costliest cyber attack in UK history
October 22, 2025
The cyber attack on Jaguar Land Rover (JLR) will cost an estimated £1.9bn and be the most economically damaging cyber event in UK history, according to researchers. Experts at the Cyber Monitoring Centre (CMC) have analysed the continuing fallout from the hack, which halted the car giant’s production on 1 September for five weeks and caused ...
- Dutch government seizes control of Chinese-owned chipmaker Nexperia
October 13, 2025
The Dutch government has granted itself the power to intervene in company decisions at Dutch-based Chinese-owned chipmaker Nexperia. The highly unusual step, announced late Sunday, grants the country the power to “halt and reverse” company decisions — meaning Nexperia cannot transfer assets or hire executives without Dutch government approval, according to national media. The move is ...