Endpoint Security , Hardware / Chip-level Security
Kia and Hyundai Fix TikTok Security Challenge
Vulnerability Potentially Caused Deaths and Thousands of Thefts in the USAuto manufacturers Hyundai and Kia are rolling out a software update aimed at stopping an outbreak of car thefts caused by a trend on social media app TikTok.
See Also: OnDemand | Protecting Devices and Software from Next-Generation Cyberthreats
The "Kia Challenge" went viral on the short-form video-sharing app in mid-2022 after users dubbing themselves "Kia Boyz" discovered how to steal certain Kia cars made in 2011 through 2021 or Hyundai cars made in 2015 through 2021 using nothing except a screwdriver and a male USB Type A connector to turn the mechanical ignition.
The Kia Challenge works because vulnerable car models lack an engine immobilizer or a theft deterrent system. The raft of thefts attributed to the viral challenge led to at least eight deaths and 14 crashes, says the National Highway Traffic Safety Administration.
The software requires the key to be in the ignition switch for the engine to turn on. The Korean carmakers are updating the "theft alarm software logic" to extend the length of the alarm sound from 30 seconds to one minute.
The automakers have made engine immobilizers or anti-theft equipment standard for all models starting in 2022, USA Today reported in June.
Engine immobilizers, which require a wireless signal from the ignition key before the engine can turn over, have greatly decreased the rate of car theft over the past three decades. Cybersecurity company Kaspersky, in research published in 2020, said that they aren't foolproof against carjackers since the encryption used to encode transmissions between the ignition and ignition key can be "very weak."
Owners of the 2017-2020 Elantra, 2015-2019 Sonata and 2020-2021 Venue vehicles are eligible for the update starting this week. Other models, including the Kona, Palisade and Santa Fe vehicles, will be serviced starting in June.