Photo: Giktime. The car pictured has nothing to do with the article or a car wash
You do live in sweet, peaceful Israel, so your Kia or Hyundai is parked relatively safely on the streets, but if you lived in the United States, you would have to live in fear of those called “The Kia Boyz”, who, using a screwdriver and a cable with a USB-A connection, could simply steal your your vehicle and vandalize it. Now, hopefully, this delusional story will have an end.
Thousands of thefts and even accidents
During the year 2022, a new TikTok challenge called The Kia Boyz began to emerge, in which young people demonstrate how they hack into certain Kia and Hyundai models with tools that everyone has at home, and sometimes in their bag. The trend is completely out of control, and according to NPR data, has led to an increase of almost 10 times more car thefts of the concern compared to the corresponding period of the previous year in Milwaukee, and quite a few accidents, some of them fatal.
Those Kia Boys discovered a simple way to drive Kia and Hyundai vehicles from the years 2015-2019. Using a screwdriver they would disassemble the plastic behind the steering wheel and the switch area, which would also allow them to take off the switch casing and reveal the cylinder that actually rotates when you insert your matching key into the switch, thus allowing you to close the electrical circuit and start your vehicle. But still, they don’t have a key. So how do they manage to start the car with a USB-A cable?
So that’s it, if you think this is a genius technological hack – you’re giving them too much credit. This is not some sophisticated attack that allows the attackers to connect via a USB cable and Raspberry Pi to the vehicle’s multimedia system, set up a virtual Linux server, sniff data packets sent between the vehicle’s systems, take control of the authentication mechanisms that allow the vehicle to be started and escape.
Remember that cylinder that was revealed in the first part? It’s kind of a little bump. Now take a USB cable with a classic A end, and look at its interior. You see there the gap between the aluminum and the plastic, so the little bump in the switch just fits in that gap, which allows thieves to simply turn the bump as if the USB cable were the key to the vehicle, and start it without any problem.
When a car company offers you to purchase a steering wheel lock from the 80s
The Kia Boys take advantage of the fact that many vehicles in the years 2015-2019 from these manufacturers came without an immobilizer of any kind. No coder, nor an authentication chip inside your key that creates a connection between the ignition mechanism and the key, to make sure you’re actually holding the real key when you start the car. This low-tech hack became viral on Tiktok, and through the branding of “screwdriver and USB” and simple tools, the police in many cities began recommending to drivers to switch to a low-tech solution as well, and to attach a lock to the steering wheel. Like the one your neighbor had there in the 80s-90s. Later, it offered customers a new security kit for $170, plus $500 for the installation fee, and distributed 26,000 steering wheel locks to its users over the past 4 months.
After quite a lot of negative news in the media (and of course on social networks), and countless complaints from drivers, Hyundai (which also manufactures Kia) announced that it will update the alarm software so that it beeps for a minute instead of the current 30 seconds, and in addition, the ignition system will require inserting a key into the switch. As soon as the drivers lock the vehicle doors with their remote, the alarm mechanism will trip and the ignition mechanism will be completely disconnected from the system, which means that the drivers will have to use the remote to start the vehicle as well. According to estimates, about 3.8 million Hyundai vehicles and 4.5 million Hyundai vehicles will be eligible for the free software update – but will have to come to a service center to install it. It’s not a Tesla after all. In addition, those who arrive at the service centers will receive a window sticker that will make it clear to thieves that the vehicle has been updated with anti-theft technology, so that hopefully they will not break the vehicle’s windows to participate in the challenge. Did we tell Wootek, or didn’t we tell Wootek?
If you are wondering what the situation is in Israel – the standard in Israel also requires car manufacturers to install an immobilizer, which actually makes hacking more difficult. See you in Ayalon North.