Why is it okay for Kia/manufacturers to spy on our cars, and only a problem when others do it? This attitude is pervasive in reporting on hacks like these - the initial spying by corporations is always given a pass (or rather, it is implied that's not even "tracking", as the title implies the tracking happened only after the hack).
It's... interesting to see just how easy it is to access this functionality if the VIN check is bypassed.
Will it ever be possible to have a non-connected car? If so, how? What would it actually take? This is not a ranty rhetorical question -- I'm actually wondering.
Kia still has a lot of work to do because of bad decisions, but at least my vehicle isn't ripe for theft/abuse.
There have been demonstrations of hacking cars remotely to gain control of it. You could quite literally kill someone this way. This should 100% be the responsibility of the car maker.
Why do we let these companies get away with poor security? It's well beyond time we hold them financially and legally responsible for foreseeable outcomes from poor security practices.
That doesn't mean any vulnerability incurs liability necessarily. A 0day might not meet the bar for gross negligence. But what if you were told about the vulnerability and refused to upate the software for 2 years because a recall like that costs money? Or what if you released software using versions with known vulnerabilities because you don't want to pay for upgrading all the dependencies?
I have a Kia Niro EV Wind 2024 and just cancelled my account at Kia Connect.
Yes, I felt stupid. But a little less stupid now.
Edit: does anyone know how I could disable Kia's remote access to my car? Is there any antenna I could cover with tin foil or a chip that can be disconnected?
There is a great Channel 5 documentary on youtube about it, definitely recommend to check it!
You should be able to take out the internet connectivity as a consumer. The fact that this exploit worked even if the consumer wasn’t subscribed is wild.
Car companies just can’t do tech.
I guess that exists to make life easier for police. And because all patrol car laptops nation-wide need this, it really can't be authenticated meaningfully?
https://www.youtube.com/watch?v=1n0AI5aemUY
"I never hear the ancaps and the hardcore libertarians in my comments section... complain about Section 1201 of the DMCA. I wish I did more often."
But wait, they patched this! Yeah, but they also shipped it.