Security researchers have uncovered severe vulnerabilities in Kia’s dealer web portal, potentially exposing millions of vehicles to remote hacking. Discovered in June 2024, the flaw allowed attackers to remotely control Kia cars manufactured after 2013 using just the vehicle’s license plate number.

Led by cybersecurity expert Sam Curry, the team found that once they accessed Kia’s backend dealer API via the dealer portal, they could track, unlock, and even start vehicles without the owner’s knowledge. The vulnerability affected cars equipped with remote hardware, regardless of their Kia Connect subscription status.

Also Read: Kia Pakistan Launches Interest-free Installment Plan for Sportage

In a shocking demonstration, researchers created a tool that allowed them to input a car’s license plate and take control of its functions within seconds. Curry noted that affected car owners had no way of knowing their vehicles were being accessed or manipulated, posing serious privacy and security risks.

Kia was alerted to the issue soon after its discovery and has since patched the vulnerability. However, the incident serves as a stark reminder of the growing cybersecurity challenges facing the automotive industry, as more cars become connected to the internet. The team warned that unless manufacturers improve their digital security measures, similar vulnerabilities will likely continue to emerge.