Kia Fixes Major Security Flaw Allowing Hackers to Unlock and Start Cars Using License Plates

A vulnerability in Kia's web portal enabled researchers to remotely control connected car features, exposing millions of vehicles to potential theft and privacy breaches.

Kia patched the vulnerability in August after it was disclosed by security researchers in June.
The flaw allowed attackers to unlock, start, and track virtually any Kia vehicle made after 2013 using just the license plate number.
Researchers exploited a bug in Kia's dealer system API, which failed to verify user permissions properly.
The attack also exposed personal information of Kia owners, including names, phone numbers, and vehicle locations.
This incident highlights broader concerns about the cybersecurity of connected vehicles and the need for robust protections.