Hyundai and Kia cars could be stolen with just a USB cable

As many as four million Hyundai vehicles without push-button start and immobilizing anti-theft devices in the US are being targeted in the latest round of automotive attacks, with TikTok getting the blame.

The so-called ‘challenge’ on social media has uncovered how criminals can remove the steering column cover of certain models, uncovering a USB port that they can use to hotwire the car.

According to Los Angeles officials, the ‘Kia Boyz’ challenge resulted in a substantial 85% increase in the theft of Hyundai and Kia models compared with the previous year (via CNBC).

Hyundai and Kia thefts

In an announcement, Hyundai said that “all Hyundai vehicles produced since November 2021 are equipped with an engine immobilizer as standard equipment”. Despite this, the list of affected models is extensive:

  • 2017-2020 Elantra
  • 2015-2019 Sonata
  • 2020-2021 Venue
  • 2018-2022 Accent
  • 2011-2016 Elantra
  • 2021-2022 Elantra
  • 2018-2020 Elantra GT
  • 2011-2014 Genesis Coupe
  • 2018-2022 Kona
  • 2020-2021 Palisade
  • 2013-2018 Santa Fe Sport
  • 2013-2022 Santa Fe
  • 2019 Santa Fe XL
  • 2011-2014 Sonata
  • 2011-2022 Tucson
  • 2012-2017, 2019-2021 Veloster

The first three models emphasized in italics in the above list are already eligible for a software update, which must be performed at an authorized dealership and can take as long as an hour. The remaining models are expected to get a patch by June 2023.

In the meantime, Hyundai promises to be distributing free steering wheel locks to law enforcement agencies, which are to be supplied to owners and leasers of affected models. It will also install window stickers on fixed vehicles to notify criminals of their upgraded security. However, there are some models that cannot accommodate the software fix. The company says:

“For these customers, Hyundai is finalizing a program to reimburse them for their purchase of steering wheel locks. Hyundai will provide these customers with more detail in the very near future.”

Hyundai has set up a dedicated website for owners of the affected vehicles to check their vehicle identification numbers (VINs) and schedule the service.

Kia (part of the Hyundai Motor Group) is also reportedly affected by the hack and is due to issue a statement soon (via Bleeping Computer).

Go to Source