A hack that has resulted in stolen vehicles and accidents has been addressed by Hyundai and Kia . Article is from the February Malwarebytes newsletter regarding the software update .

TikTok car theft challenge: Hyundai, Kia fix flaw

Posted: February 17, 2023 by Jovi Umawing

Car manufacturer Hyundai, and its subsidiary Kia, began rolling out a free software update on February 14, 2023, to address a flaw in their anti-theft software, which was highlighted in a social media challenge. The release of the update came nine months after an uptick in car theft of the affected models in the US. Outside the US, victims in Australia also came forward.

“The software updates the theft alarm software logic to extend the length of the alarm sound from 30 seconds to one minute and requires the key to be in the ignition switch to turn the vehicle on,” said the US National Highway Traffic Safety Administration (NHTSA). “The effort is in response to a TikTok social media challenge that has spread nationwide and has resulted in at least 14 reported crashes and eight fatalities.”

The “Kia Challenge” went viral on TikTok in August 2022. Thieves, known as “Kia Boys” or “Kia Boyz”, showed how to bypass Kia’s security system using simple tools like a screwdriver and a USB cable. It is said this method of thieving is so easy because many 2015-2019 Kias and Hyundais lack electronic immobilizers, which use electronic signals to deter thieves from hot-wiring cars.

The teens instructed viewers to forcefully remove the covering of the steering column (located just below the steering wheel) to expose a slot where a USB-A plug then comes into play.

From what we have gathered, the viral TikTok video was a snippet from a Tommy G YouTube documentary entitled Kia Boys Documentary (A Story of Teenage Car Theft). The scene in question was found in the last bit of the video.

Only cars that use keys seem susceptible to this kind of theft. Push-to-start cars, which are vehicles that you start by pushing a button, are immune.

“The software upgrade modifies certain vehicle control modules on Hyundai vehicles equipped with standard ‘turn-key-to-start’ ignition systems,” Hyundai said in a press release. “As a result, locking the doors with the key fob will set the factory alarm and activate an ‘ignition kill’ feature so the vehicles cannot be started when subjected to the popularized theft mode. Customers must use the key fob to unlock their vehicles to deactivate the ‘ignition kill’ feature.”

A total of 8.3 million cars are eligible for the free update. Owners of affected Hyundai and Kia models are encouraged to visit their local dealership to have the software upgrade installed. Updated vehicles also get a windshield decal indicating they’ve been equipped with anti-theft software.

Hyundai will also be releasing the patch in phases, the schedule of which you can view on their web page. For the February 14 release (part of Phase 1), owners of Hyundai 2017-2020 Elantra can receive the update. The model to receive the patch next is 2018-2022 Accent in June 2023 (part of Phase 2). The schedule for the remaining models is yet to be announced.

In the early 2000’s, the Hyundai Excel was the easiest car to steal in Australia. It was to easy that the car company provided all the tools necessary for the car thieves to drive away your car.
Once the thief got inside your car, it took mere seconds to bypass the very merger security and be off into the sunset. I won’t go into the details of what they did or the method they used, but it made this car the number 1 car for all vehicles stolen in Australia for a few years.
Thanks for reminding me that vehicle security should be very near the top of all requirements when one in purchasing both a new and used vehicle.

It depends on where you live. Hereabouts the theft rate is so low (and consequently the insurance) that it would hardly matter. On the other hand a car that gets stuck in the mud every time there is a sprinkle of rain would be of little value.

One of the features of my Hyundai that I find particularly useful is its alternate immobilizer, which takes the form of manual transmission. This added layer of security makes it incredibly challenging for inexperienced joyriders to operate the vehicle, providing me with extra peace of mind knowing that my car is less likely to be stolen.

Or an opportunity to learn.
I’ve had a variety of soft topped 2 seaters of varying quality. All were easy targets despite being manuals. Perhaps we place too much faith in modern technology. I variously used a hidden fuel switch (electric fuel pump), battery isolator, removed the rotor from the distributor etc to be sure in certain locations. There are good reasons why for a modern car such strategies are not practical. In any instance it’s unlikely to hold sway with the insurers. A professionally installed after market device may or may not. It’s a belated positive Hyundai and Kia have responded.

That fewer these days would want a manual there are still those who do.

P.S.
On all things manly we used to judge a truck driver on their prowess with a manual, crash box. Real men (or lady truckers or …).
These days, for those with aspirations for the middle ground - Chrysler Ram brand stopped making manuals in 2019 and the Chevrolet Silverado is auto only. Judgement reserved on the primary anti theft feature - best to borrow one only if it has near to a full fuel tank.

‘real [drivers]’ don’t need syncro first gears and some none, an even more secure proposition. The art of double clutching to shift is long lost with very few exceptions.

I dread buying my next car. Current vehicle is over 20 years old, and has little of the ‘smarts’ of a modern car. Unfortunately, carmakers are not experts in IT or IT security, and so flaws like the one posted by the OP are common.

Think about security when you buy your next car, and about all the integrated ‘smarts’ that might let a hacker gain control of your vehicle through that lovely stereo system. (Yes, that article is from 2015, and that specific problem was addressed - but carmakers have increased the level of smarts in the last eight years.)