I can lock and unlock the car that's I don't own. This is slightly worrisome, and me and my partner have just decided not to get a eNiro of our own π
this post was submitted on 01 Jul 2025
265 points (99.6% liked)
Privacy
40404 readers
581 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
Just don't get a Kia period. They're notorious for being stolen because their security is shit.
Thatβs wild!!
My brother who was working on buying a Kia EV6 could see and track its location before even signing the paperwork. All you need is the VIN.
On some websites, you can get the VIN with just the plate number.
Of course, the VIN is also displayed on the exterior of most cars anyway
I bought a used ev6 and the previous owner profile was still on there.
Had to send info including proof of purchase and ID to have that old account removed.
This was from an actual Kia dealer that made it a certified pre-owned as well. I don't understand why they didn't have the old account removed.
I don't understand why they didn't have the old account removed.
why bother when you'll go through the hassle for them, I guess
Or they could charge you. When I bought a used Ford the dealer wanted me to pay a $100 fee to change the door keypad code, something I did myself in about 2 minutes.
HO LY FUCK!
Report it to a local tech site. That's a scandal.
Cybersecurity professional here, I'd read up on Kia's responsible disclosure policy, to avoid any potential trouble, and for guidelines on how to disclose it to them and handle this ethically.
https://www.kia.com/eu/vulnerability-disclosure/
Unfortunately they don't do bug bounties, which is too bad.
Edit: I wouldn't listen to people telling you to lock the car, exploit it in other ways or disclosing it to the media first. That is unethical at best and illegal at worst.
This comment is being reported. Did you mean to post a different link?
Oh wow this is very embarassing very sorry about that. Edited to include the proper link.
Thanks!
Yeah iirc Hyundai/Kia are one of the worst in the car industry when it comes to handling user data.
I'll kill myself before I get a car connected to the internet
I used to work for AAA which has a program called GIG (Get It Going) where you can rent a Prius in the Bay Area much like a Lime scooter. They had to stay connected and EVERY SINGLE WEEKEND someone would take one up to hike in the mountains or drive down the coast, lose connection and it would instantly go into lockdown mode. They would have to call for us to tow a dead car they couldnβt even open to get their things out of.
So hey, a bear or crackhead might do the killing for you if you get a WiFi car
I was so happy when the shut down 3G networks killed off a ton of car data planes.
This 100% needs to be reported. First to KIA, then to the media after whatever time is required to pass for responsible disclosure in your country/region.
But think of the shareholder value lost if we invest in that!
Just short it mate.
If you think that's bad, ANYONE CAN DO IT.
You should report this to somewhere like 404 media
I can lock and unlock the car.
Keep it locked once the passenger is out. Maybe then they care.
Nissan does this too. I leased a new Kicks when they came out and HATED it. Seats were terrible, car was underpowered, and some jackass decided to program the cvt to "shift" because Nissan got complaints that the car was stuck in gear. Just learn how a CVT works.
Anyways, 4 years later, I still get emails about monthly maintenance work, tow alarms, and tracking updates. I never asked for them to begin with and I guess I'm stuck with it as a VW guy now.
Meldt het bij tweakers, die willen er vast een artikeltje overschrijven