They're swapping out hardware, which is why they're asking money for this to compensate the labor costs. Not saying this justifies it, but the title is misleading.
Hunh. I know what I'm doing this weekend... Scanning ionic VINs to see if they're vulnerable. I bet I could train YOLO to recognize ionics from a drone camera at 50 ft.
A side question, both this and the VW power unlock payment from the other day, are targeting UK market, so is legislation (lack of it) such in the UK that allows for such practices?
I was just looking at a new Hyundai today. Now I've got something more to consider if they aren't willing to stand behind securing their vehicles at their cost.
Would be interesting to see insurance companies stand on this. Are you expected to pay for the security upgrade or not. Will it be deemed missing as "unpatched - that's your fault".
I want a dumb EV. No infotainment system. Just speakers and a way to plug my device into them. Anything critical to the car should be completely air gapped and require an absolute minimum amount of software, preferably zero.
That’s illegal in the EU, 911 eCall requires an always-on cellular connection with an attached device that records your location. Would you please think of the children?
Does Hyundai consider this as a patch though? I'm wondering if the dealership would present you the bill with a straight face, is that presented as a "more secure" system, or an "additional anti theft device"?
I’ve now had 2 IONIQ 5s stolen in Berlin, the last a couple months ago. Each seemingly using a keyless access hacking device. That’s enough for me to not see a Hyundai or Kia in my future anytime soon.
And I very much liked the IONIQ 5. But if I can’t keep one more than 2 years, what’s the point? I’ve lost all trust in those companies, upgrade or not.
If the ignition and door locks in your vehicle were mistakenly designed in such a way that they are trivially shimmed or could be operated by any key it seems absurd to suggest the customer should pay you to replace these mechanisms with ones that are properly secured. This seems roughly analogous to that situation at least to my understanding.
I don't know about the Hyundai Ioniq, but the Kia Niro has no way to permanently disable keyless entry, which would be the obvious, super easy s/w fix. You can disable it each time you lock your car by holding extra buttons on the fob for a few secs, but it's auto re-enabled next time you unlock. It's everything you need to know before you make your smart decision not to buy a Kia. Cheap(er) for a reason.
But looks from their point of view. It's the most stolen car in the UK. The brand doesn't seem to be suffering much. Having terrible security just helps sales!
Also be aware that homologation means there is no one-sized-fits-all, canonical vehicle for all markets but many variations for different markets with variations in security and safety features. Some markets get proper security measures while others get screwed.
I don't get why companies don't understand how offensive it is to the customer to nickel and dime them, especially after they're already a converted customer. They could easily eat the $60 cost and spin it as positive PR, Apple-style.
It's particularly bad because customers see it as a defect. No one wants to pay full price for defective equipment. The only thing that would make it worse is if this "hack" were reproducible on the flipper zero and they get themselves into another Kia Boys situation.
Hmmm, so recently: ̶ ̶H̶y̶u̶n̶d̶a̶i̶ ̶K̶i̶a̶ ̶V̶o̶l̶k̶s̶w̶a̶g̶e̶n̶ ̶
At this rate, I'll be back to Tesla for any future EV purchase. (Noting that Tesla second-hand prices in Europe seem to have taken a dive over the past while, presumably partly thanks to Elon's shenanighans?)
So, can people tell me what cars with keyless entry systems aren't susceptible to these attacks?
I'm somewhat wary of any of them, but it seems like it's a feature of a lot of new cars, and I can't tell what is "safe" to buy. It was a simple signal amplification thing wasn't it?
Does anyone know if BYD cars suffer from it for example?
The car stealing device is $20k, could someone do some math to see what kind of ROI a criminal could expect if they use it to steal cars and part them out?
This is a violation of UN regulation 155/156 where the vendor must provide free fixes and updates in case of safety or cybersecurity violations.
I'm mentioning this specifically because the CAN bus is involved, which is mandatory to be safety conform and has to be ASIL-C/D conform. If you cannot guarantee that, you will lose the license.
Without conformance to UN Regulation 155/156, the car manufacturer might lose its license for the underlying car platform (not only the downstreamed models), meaning refunding/damages need to be paid for all buyers of cars of that platform.
So chances are this can be fought in court, and Hyundai probably has to offer free replacement of that defective part.
30 comments
[ 1903 ms ] story [ 2080 ms ] threadhttps://www.theverge.com/news/757205/hyundai-ioniq-5-securit...
Weren't they a slightly subversive tech site a decade or so ago?
https://www.rtl-sdr.com/flipperzero-darkweb-firmware-bypasse...
Anyway, that is not what majority want to buy. Even more, a car is not what majority want to buy in the USA. SUV/trucks are desirable.
But looks from their point of view. It's the most stolen car in the UK. The brand doesn't seem to be suffering much. Having terrible security just helps sales!
It's particularly bad because customers see it as a defect. No one wants to pay full price for defective equipment. The only thing that would make it worse is if this "hack" were reproducible on the flipper zero and they get themselves into another Kia Boys situation.
At this rate, I'll be back to Tesla for any future EV purchase. (Noting that Tesla second-hand prices in Europe seem to have taken a dive over the past while, presumably partly thanks to Elon's shenanighans?)
I'm somewhat wary of any of them, but it seems like it's a feature of a lot of new cars, and I can't tell what is "safe" to buy. It was a simple signal amplification thing wasn't it?
Does anyone know if BYD cars suffer from it for example?
I'm mentioning this specifically because the CAN bus is involved, which is mandatory to be safety conform and has to be ASIL-C/D conform. If you cannot guarantee that, you will lose the license.
Without conformance to UN Regulation 155/156, the car manufacturer might lose its license for the underlying car platform (not only the downstreamed models), meaning refunding/damages need to be paid for all buyers of cars of that platform.
So chances are this can be fought in court, and Hyundai probably has to offer free replacement of that defective part.