Kia, Hyundai and Genesis EVs are Under Attack
Kia, Hyundai and Genesis electric vehicles are being targeted by thieves who are exploiting a number of vulnerabilities in the cars’ security systems.
By using handheld hacking devices or even by accessing Kia’s website criminals are able to drive off in a matter of seconds.
I should know. In the early hours of a Monday morning my Kia EV6 was taken from my driveway. Footage from a doorbell camera only captured the moments after the thief had unlocked the car, although my son witnessed the villain standing by the driver’s door for perhaps 30 seconds prior to that.
Within a minute of driving away access to tracking via the Kia Connect app was disabled and the car has not been recovered.
Exactly how it was unlocked and driven away I’ll never know, but given the speed of the theft it is likely to be down to one of two methods.
In the first technique criminals use a handheld device disguised to look like a GameBoy. Touching a door handle would normally activate a handshake protocol between the car and the owner’s key, but the device contains software running an algorithm that calculates the correct code to unlock the vehicle.
“The tool in question is an emulation device, but its sophisticated composition includes a multitude of radio transmission components, designed by hackers in Europe to resemble the classic Nintendo portable console,” explains vehicle crime consultant Dr Ken German.
“This device, usable as soon as the car is woken up by a touch of the door handle, triggers a dialogue protocol between the car and what should be the owner’s key. In a few seconds, it manages to fool the car’s system by simulating being a legitimate key thanks to a specific algorithm. Once the car is unlocked, it can then be started and driven away without incident. To prevent tracking, the vehicle’s connectivity modules are often disabled afterwards, making GPS or manufacturer app tracking impossible. The Hyundai Ioniq 5, Kia EV6, and Genesis GV60 models are mentioned as being among the most vulnerable to this type of instant theft.”
It’s also possible that a signal from the key was captured at some point, however, since the key was inside a signal-blocking Faraday pouch, also inside a Faraday box, that can’t have happened at home.
Most worrying of all is a hack that exploits the car’s internet-connected features. Wired reports of a flaw in the web portal that could allow criminals to trace and unlock a Kia remotely just by entering its number plate into the system.
“Thieves know more about cars than the actual manufacturers,” warns German.
The official line from Kia is that “Cars manufactured since February 2024 have received the necessary hard- and software combination to significantly reduce the risk of being stolen using “keyless” methodologies.” My car was a 2022 model and Kia has not offered advice or warnings to customers of these earlier cars.
“The irony is that most of the people who stole cars now don’t want EVs,” adds German. “If they do, it’s basically for the batteries which they sell on.”
