• edric@lemm.ee
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    2 months ago

    I was gonna say they still need the fob for the car to actually drive it, but saw it mentioned in the article. I don’t have a Kia (used to, but traded it in because of the immobilizer shit), but my car right now has an app to remote-start, but the car itself won’t let you drive it if you don’t have the fob on you while sitting in the driver’s seat.

    The group’s web-based Kia hacking technique doesn’t give a hacker access to driving systems like steering or brakes, nor does it overcome the so-called immobilizer that prevents a car from being driven away, even if its ignition is started. It could, however, have been combined with immobilizer-defeating techniques popular among car thieves or used to steal lower-end cars that don’t have immobilizers.

    But yes, that’s just bad security.

    • schizo@forum.uncomfortable.business
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      2 months ago

      It’s still mindboggling that Kia sells any cars without immobilizers.

      I get they’re cheap cars and the way they’re cheap is to skimp on everything but uh, maybe that’s not the right place to skimp?

    • futatorius@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      2 months ago

      2FA where one of the factors is Bluetooth to the fob might be OK, assuming the Bluetooth link is secured in some way.