A hack that has resulted in stolen vehicles and accidents has been addressed by Hyundai and Kia . Article is from the February Malwarebytes newsletter regarding the software update .
TikTok car theft challenge: Hyundai, Kia fix flaw
Posted: February 17, 2023 by Jovi Umawing
Car manufacturer Hyundai, and its subsidiary Kia, began rolling out a free software update on February 14, 2023, to address a flaw in their anti-theft software, which was highlighted in a social media challenge. The release of the update came nine months after an uptick in car theft of the affected models in the US. Outside the US, victims in Australia also came forward.
“The software updates the theft alarm software logic to extend the length of the alarm sound from 30 seconds to one minute and requires the key to be in the ignition switch to turn the vehicle on,” said the US National Highway Traffic Safety Administration (NHTSA). “The effort is in response to a TikTok social media challenge that has spread nationwide and has resulted in at least 14 reported crashes and eight fatalities.”
The “Kia Challenge” went viral on TikTok in August 2022. Thieves, known as “Kia Boys” or “Kia Boyz”, showed how to bypass Kia’s security system using simple tools like a screwdriver and a USB cable. It is said this method of thieving is so easy because many 2015-2019 Kias and Hyundais lack electronic immobilizers, which use electronic signals to deter thieves from hot-wiring cars.
The teens instructed viewers to forcefully remove the covering of the steering column (located just below the steering wheel) to expose a slot where a USB-A plug then comes into play.
From what we have gathered, the viral TikTok video was a snippet from a Tommy G YouTube documentary entitled Kia Boys Documentary (A Story of Teenage Car Theft). The scene in question was found in the last bit of the video.
Only cars that use keys seem susceptible to this kind of theft. Push-to-start cars, which are vehicles that you start by pushing a button, are immune.
“The software upgrade modifies certain vehicle control modules on Hyundai vehicles equipped with standard ‘turn-key-to-start’ ignition systems,” Hyundai said in a press release. “As a result, locking the doors with the key fob will set the factory alarm and activate an ‘ignition kill’ feature so the vehicles cannot be started when subjected to the popularized theft mode. Customers must use the key fob to unlock their vehicles to deactivate the ‘ignition kill’ feature.”
A total of 8.3 million cars are eligible for the free update. Owners of affected Hyundai and Kia models are encouraged to visit their local dealership to have the software upgrade installed. Updated vehicles also get a windshield decal indicating they’ve been equipped with anti-theft software.
Hyundai will also be releasing the patch in phases, the schedule of which you can view on their web page. For the February 14 release (part of Phase 1), owners of Hyundai 2017-2020 Elantra can receive the update. The model to receive the patch next is 2018-2022 Accent in June 2023 (part of Phase 2). The schedule for the remaining models is yet to be announced.