Kia, Hyundai and Genesis electric vehicles are being targeted by thieves who are exploiting a number of vulnerabilities in the cars’ security systems.
By using handheld hacking devices or even by accessing Kia’s website criminals are able to drive off in a matter of seconds.
I should know. In the early hours of a Monday morning my Kia EV6 was taken from my driveway. Footage from a doorbell camera only captured the moments after the thief had unlocked the car, although my son witnessed the villain standing by the driver’s door for perhaps 30 seconds prior to that.
Within a minute of driving away access to tracking via the Kia Connect app was disabled and the car has not been recovered.
Exactly how it was unlocked and driven away I’ll never know, but given the speed of the theft it is likely to be down to one of two methods.
In the first technique criminals use a handheld device disguised to look like a GameBoy. Touching a door handle would normally activate a handshake protocol between the car and the owner’s key, but the device contains software running an algorithm that calculates the correct code to unlock the vehicle.
“The tool in question is an emulation device, but its sophisticated composition includes a multitude of radio transmission components, designed by hackers in Europe to resemble the classic Nintendo portable console,” explains vehicle crime consultant Dr Ken German.
“This device, usable as soon as the car is woken up by a touch of the door handle, triggers a dialogue protocol between the car and what should be the owner’s key. In a few seconds, it manages to fool the car’s system by simulating being a legitimate key thanks to a specific algorithm. Once the car is unlocked, it can then be started and driven away without incident. To prevent tracking, the vehicle’s connectivity modules are often disabled afterwards, making GPS or manufacturer app tracking impossible. The Hyundai Ioniq 5 , Kia EV6, and Genesis GV60 models are mentioned as being among the most vulnerable to this type of instant theft.”
It’s also possible that a signal from the key was captured at some point, however, since the key was inside a signal-blocking Faraday pouch, inside a Faraday box that can’t have happened at home.
Most worrying of all is a hack that exploits the car’s internet-connected features. Wired reports of a flaw in the web portal that could allow criminals to trace and unlock a Kia remotely just by entering its number plate into the system.
“Thieves know more about cars than the actual manufacturers,” warns German.
The official line from Kia is that “Cars manufactured since February 2024 have received the necessary hard- and software combination to significantly reduce the risk of being stolen using “keyless” methodologies.” My car was a 2022 model and Kia has not offered advice or warnings to customers of these earlier cars.
“The irony is that most of the people who want stolen cars now don’t want EVs,” adds German. “If they do, it’s basically for the batteries which they sell on.”
Exactly the same thing happened to me on Monday evening. Car was taken from outside my house I’ve got a ’22 EV6. Luckily they didn’t disable the find my car feature on my car so I was able to find it and bring it back home. I have since got a pouch for keys and a steering wheel lock. When I have called Kia to ask them what they want to do about this flawed system of their cars they have no answer and was told to get a wheel lock and that was about it. Absolutely disgusted with Kia and how they have not looked to fix this issue which has been clearly been going on for months and months from online searches.
Sorry to hear it happened to you as well, but glad you got the car back. You’ve definitely done the right thing by securing the keys and getting a steering lock. Old school protection clearly beats new technology!