A social media trend, dubbed the “Kia Challenge,” has appeared to compound the automakers’ problems in recent years, with people posting videos showing how to steal Hyundai and Kia cars. At its height, the Kia Challenge was linked to at least 14 reported crashes and eight fatalities, according to figures from the National Highway Traffic Safety Administration.

About 9 million vehicles have been impacted by the rash of thefts, including Hyundai Elantras and Sonatas as well as Kia Fortes and Souls. Hyundai and Kia earlier this year agreed to pay $200 million to settle a class-action lawsuit filed by drivers who had their vehicles stolen.

Technology is helping foil car thieves making life miserable for owners of Hyundai and Kia vehicles.

Hyundai and Kia upgraded their cars’ anti-theft tech in early 2023. Vehicles equipped with the enhanced software will only start if the owner’s key, or an identical duplicate, is in the ignition.

The rate at which the Korean automakers’ cars are stolen has fallen by more than half since the companies upgraded their anti-theft software, according to new research from the Highway Loss Data Institute (HLDI). Hyundai and Kia thefts have soared in recent years after criminals discovered that certain car models lacked engine immobilizers — technology that has long been standard in other vehicles.

  • edric@lemm.ee
    link
    fedilink
    English
    arrow-up
    107
    ·
    5 months ago

    You’ll still get a broken window and steering column because the thieves can’t tell if the car has had the update or not and will still attempt to steal it.

    • stick2urgunz88@lemm.ee
      link
      fedilink
      English
      arrow-up
      80
      ·
      5 months ago

      I have a Kia and got the software upgrade; they put a little red sticker on your windows saying the vehicle is equipped with anti-theft software.

      But something tells me most thieves aren’t checking for a sticker before they smash the window…

    • JWBananas@lemmy.world
      link
      fedilink
      English
      arrow-up
      41
      ·
      5 months ago

      Can confirm. Happened to a friend within the past month. Theirs wasn’t even on the list of affected models.

  • Obinice@lemmy.world
    link
    fedilink
    English
    arrow-up
    105
    arrow-down
    2
    ·
    5 months ago

    Hyundai and Kia upgraded their cars’ anti-theft tech in early 2023. Vehicles equipped with the enhanced software will only start if the owner’s key, or an identical duplicate, is in the ignition.

    Fucking… What? A 2023 anti theft technology upgrade added the space age cutting edge concept of starting the car with… the key?

    If my car could start without the key in the bloody ignition I’d be furious, that’s what the key is for, haha. You can add extra doohickeys to enhance security, but the first line of defence is the key that starts the car.

    Absolute madness.

    • Raiderkev@lemmy.world
      link
      fedilink
      English
      arrow-up
      37
      ·
      5 months ago

      Watch the channel 5 Kia boys episode. It was really fucking easy to steal kia’s n Hyundai’s. Took the guy like 30 seconds to do it. You just ripped a piece of plastic off, and jammed a USB cord into the ignition, turned it, and off u went. They encountered one of these updated ones and failed as well.

      Warning, the Kia boys are fucking insufferable twats.

      https://youtu.be/DJA7jDF7bLE?si=7uoD6USzsuzg0vC2

      • Petter1@lemm.ee
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        1
        ·
        5 months ago

        🤯 this is so fucked up Like, is this cyperpunk coming true?

        • ShepherdPie@midwest.social
          link
          fedilink
          English
          arrow-up
          15
          ·
          5 months ago

          No this is how every car was stolen prior to the 90s/00s. The “USB cord” is a red herring as the shape of the USB-A port just happens to match the remaining bit of the ignition cylinder once the lock has been removed, but journalists love to hype that part up as if this is some technological attack.

          • Raiderkev@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            4 months ago

            Yeah, u just gotta turn the thing. But the tool of choice by the current gen of thieves is USB 2.x cords because it fit perfectly and is readily available.

          • Petter1@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            4 months ago

            I was not talking about the fact of how easy it is to steal, it was more about the society described. Gave me similar feelings like when I watched the first episode of the cyberpunk anime.

          • Petter1@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            5 months ago

            Luckily my country is not that far into the cyberpunk transition (yet?) 😮

    • Grippler@feddit.dk
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      4
      ·
      edit-2
      5 months ago

      Keyless start is fucking awesome though, just get in the car and drive. I wouldn’t even consider a car without after having one with it. Pretty much all other manufacturers have this in a safe way that doesn’t make the cars easier to steal. Its not the keyless start that’s the issue, its how they implemented it.

      I mean, many new cars don’t even have an old school key ignition at all.

      • AceBonobo@lemmy.world
        link
        fedilink
        English
        arrow-up
        18
        arrow-down
        1
        ·
        5 months ago

        A lot of smart key cars are vulnerable to relay attacks. It’s not a solved security issue by any means.

        • Rai@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          4 months ago

          Nobody is fucking doing that, though! This isn’t a “oh I will hack this person using a relay attack” attack, it’s some dumb kids breaking into cars using physical measures. They are NOT going to be using a RELAY ATTACK

          • OutsizedWalrus@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            They are. It’s not incredibly common, but it’s not rare.

            My coworker had his car stolen from his driveway. He believes it was a relay attack.

            That being said, it’s super easy to mitigate by putting your keys in a metal bin.

        • Grippler@feddit.dk
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          9
          ·
          5 months ago

          AFAIK they’re not anymore vulnerable than central locking systems

          • msage@programming.dev
            link
            fedilink
            English
            arrow-up
            15
            ·
            5 months ago

            Yes they are, because keyless listens to the car asking for authorization, so you can amplify the car signal hoping the key is not too far off, and unlock the car without any other work.

      • astrsk@kbin.run
        link
        fedilink
        arrow-up
        10
        arrow-down
        1
        ·
        5 months ago

        What’s more, all keyless cars still have a fob with proximity and if the fob dies, they legally have to have a way to start the car without the fob battery which is why they all have an nfc reader somewhere (usually in a cup holder) so you can put you dead fob on it and the car will start like normal.

        • Grippler@feddit.dk
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          5 months ago

          So what was the exploit then? They could get in to the car without the key?

          • Confused_Emus@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            13
            ·
            edit-2
            5 months ago

            No engine immobilizer was the ultimate issue. And from what I understand, it was just an issue with models sold in the US, so all this misery was caused by a manufacturer’s cost saving measure.

            ETA: To clarify, the cause was a manufacturer’s cost saving measure enabled by the US regulations’ lack of a requirement for engine immobilizers.

          • PriorityMotif@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            ·
            5 months ago

            Yeah, by breaking the window. Then they rip out the ignition cylinder and turn the electrical switch just like on old cars. They didn’t put any kind of electronics into the key to prevent this from happening. Most keys from about 1999+ have an NFC type “chip” in them that prevents the car from starting without a key that is programmed to the car.

            • Grippler@feddit.dk
              link
              fedilink
              English
              arrow-up
              2
              ·
              5 months ago

              Aah, so it actually has absolutely nothing to do with keyless access and driving like most seem to complain about.

      • barsquid@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        5 months ago

        Still, it would be cool if they didn’t charge hundreds of dollars for a replacement key that costs them a couple bucks.

        • ayyy@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          ·
          4 months ago

          That’s…not how rolling codes and tight timing requirements work. There are almost zero keyless entry car models that can be unlocked, let alone started, with hardware at the sophistication level of a flipper.

          • Raiderkev@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            4 months ago

            Yeah I did a little homework after I made the comment n realized I was wrong. Didn’t get a chance to go back n remove or fix it.

            • ayyy@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              4 months ago

              I mainly pushed back because the Flipper Zero is an amazing toy to teach novices young and old about the basics of radios, computing, and cryptography. But they are facing backlash around the world from uneducated, reactionary, “think of the children” mouth breathers and you shouldn’t give those chucklefucks any more ammo in their misinformation belt.

        • Grippler@feddit.dk
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          4 months ago

          That’s no different than if you had central locking and a douche nearby (but significantly further away than keyless access and start) to intercept it as you lock/unlock it. Risk of this actually happening to you is so slim, it’s not an issue in real life.

        • Rai@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          4 months ago

          You’re an insane person if you think KIA BOIZ are using a fucking flipper and not opportunistically attacking parked cars hahahaha

    • ShepherdPie@midwest.social
      link
      fedilink
      English
      arrow-up
      12
      ·
      5 months ago

      They were vulnerable because they didn’t use chipped keys therefore people could break the ignition cylinder off and rotate the actual switch behind it to start the car. Cars with immobilizers still wouldn’t start even if you removed the lock cylinder because the sensor didn’t detect the chip. This is basically how most all cars worked prior to the 90s/00s which is where the trope of “using a screwdriver to steal a car” came from.

      I’m really curious how they were able to add this in using software alone since you’d need some sort of sensor to detect the key along with keys that have a chip embedded in them.

      • Petter1@lemm.ee
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        4 months ago

        😄so, my dacia spring can be stolen like that as well? It has one key without even a battery 🤣 (I think) Luckily I live in peaceful Switzerland, so I don’t even have to lock the car overnight…

        Edit: it locks the steering wheel if not started, maybe that would be enough?

        • ShepherdPie@midwest.social
          link
          fedilink
          English
          arrow-up
          4
          ·
          4 months ago

          You might have an immobilizer as no battery is needed in the key, it’s just a little chip embedded inside.

          As far as the steering wheel lock, I think it can be defeated as well as those were used at least as far back as the 1970s and cars were still stolen then too. I believe people just hammered a screwdriver into the ignition to be able to bypass it.

          You should Google your model of car to see if it has an immobilizer.

    • AngryCommieKender@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      4 months ago

      Yep. No one would have stolen my SAAB anyway, since it was a stick shift, but if someone had tried, they’d have gotten a nasty surprise. On the '80s models the stick shift had a half inch steel pin that locked the gear shift of the car in reverse if a sensor in the ignition didn’t sense the key, and tell it to disengage. You could hotwire the car just fine, but I would almost pay to see how you explain to the cops why you’re driving down the road in reverse.

    • Slithers@reddthat.com
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      2
      ·
      5 months ago

      I don’t know this to be a fact, but we own a Kia targeted by this whole ‘challenge’ business, and my understanding is that this issue is primarily because remote start was a factory installed feature for most of the generation and the “software update” that enhances security prevents remote starters from working.

      • the_toast_is_gone@lemmy.world
        link
        fedilink
        English
        arrow-up
        10
        ·
        5 months ago

        I had my Sonata stolen last year. The problem is that, by default, there was neither a key checker nor a steering immobilizer built into the vehicles. These are industry standard features for every car manufacturer… Except Kia and Hyundai. These are required features in every car sold in every Western nation… Except the United States. To have excluded this literal 90s tech from their vehicles when they’re so common that no one would ever stop to think about whether their car has them constitutes a serious lie by omission on the part of Kia and Hyundai, in my opinion. If I knew that all you had to do was rip off the ignition and shove something onto a peg to screw off with the car, I would have told the dealer to stick it up his butt.

        For those wondering: I had comprehensive insurance, so I was paid the full value of the vehicle after it was totaled. I bought a Toyota Camry with the money and it’s a great car. I am never buying Kia or Hyundai cars again and I recommend everyone else avoid them from here on out. Like, if this is what they’re willing to do to save $30 per assembled vehicle, what else might be lurking in their newer vehicles that we won’t know about until it’s too late?

      • ayyy@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        3
        ·
        4 months ago

        Nope, they just went so fucking cheap that they didn’t even bother verifying the presence of a key to start the car. It’s got nothing to do with technological hacking, it’s just the same basic hot wiring that was pervasive before the invention of computers.

  • Scott@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    34
    ·
    5 months ago

    My car was never affected in the first place and I’m still getting fucked by my insurance saying it’s a “theft risk” charging out the ass

    • weew@lemmy.ca
      link
      fedilink
      English
      arrow-up
      11
      ·
      5 months ago

      Insurance companies like to claim they’ve done all the math and research but they’re just lazy asses looking for any reason to raise rates.

    • Confused_Emus@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      7
      ·
      5 months ago

      I’d guess a result of the dumber criminals not knowing what specific models are vulnerable. This fiasco tainted the entire brand.

      • ayyy@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        And when you spend all your money on hookers and blow you can just shout out loud “I DECLARE…BANKRUPTCY!” and then all your debts are automatically erased.

  • sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    36
    arrow-down
    4
    ·
    5 months ago

    Here’s my simple solution: drive a super old car. My car:

    • isn’t worth stealing
    • is immune to popular TikTok attacks because the tech is too old
    • drives just fine

    There are some downsides, but at least I don’t have to deal with this nonsense.

  • davidagain@lemmy.world
    link
    fedilink
    English
    arrow-up
    26
    ·
    5 months ago

    Despite the fixes, theft claims for the affected Hyundai and Kia models continue to exceed industry norms, including for vehicles equipped with the upgraded software, according to HLDI. One reason could be that the software-based immobilizer only activates if the driver remembers to lock the vehicle with a fob, while many people are in the habit of using the switch on the door handle.

    If ever there were a problem that is ripe for fixing with the first version of the software upgrade, not a future one, this was it.

  • TheFinn@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    25
    ·
    5 months ago

    I just had to purchase a vehicle. My insurance company basically asked me not to buy a KIA or Hyundai and warned that the premiums for those makes were super high.

    • WantsToPetYourKitty@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      ·
      edit-2
      4 months ago

      It’s funny that even though theft rates have plummeted since the mass software upgrade, premiums have stayed high. They have savant-level mathematicians (actuaries) evaluating risk and even with compelling data showing otherwise, they choose to keep labeling these cars high risk and continue to charge exorbitant premiums.

      • ayyy@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        15
        ·
        edit-2
        4 months ago

        The whole “insurance price is determined by geniuses” thing is just bullshit. They benefit greatly from perpetuating the myth but never really demonstrate competence. Their calculations are very non-specific. For example determining risk by ZIP code in places where one side of the tracks/street/infrastructure built with structural discrimination in mind is just not granular enough. Another example would be that some model of vehicle came with optional emergency braking, but taking the option doesn’t change insurance calculations at all, but having the feature as standard for all models reduces the price for those models.

        “Insurance actuaries are sevants” is just an extension of the lie that “free” markets are 100% efficient and always correct.

        • WantsToPetYourKitty@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          4 months ago

          Well I mean actuaries are like savants. Years ago in uni my calc III college prof was one. Amazingly sharp dude. Do I think insurance companies over-generalize their risk assessments? Yupp. Do insurance companies likely ignore their actuaries and set premiums to make outrageous profit? Probably.

          Disclosure: I hate insurance companies. Also that professor was super weird

      • Petter1@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 months ago

        Well, the cars do not get stolen, but the windows sure as hell get smashed to check if it works. This costs money as well.

    • ByteOnBikes@slrpnk.net
      link
      fedilink
      English
      arrow-up
      8
      ·
      5 months ago

      Same. I was looking at cars and told my insurance, who then said, “If you get a KIA, you never have to worry about losing your car keys, since you can search online on how easy it is to break in.”

      That throwaway joke threw me into the rabbit hole of the Kia challenge. Definitely a shit show.

  • mightyfoolish@lemmy.world
    link
    fedilink
    English
    arrow-up
    24
    arrow-down
    1
    ·
    5 months ago

    I’m not buying this PR garbage. KIA and Hyundai thefts fall as cars lacking basic security hardware were stolen and wrecked until there are no more to steal and wreck.

    Thank you for re-adding late 20th century tech to your 21st century cars. /s

    • ByteOnBikes@slrpnk.net
      link
      fedilink
      English
      arrow-up
      4
      ·
      5 months ago

      A lot of cars in my neighborhood have been using a club to lock the steering wheel. Reminds me of the 80s-90s.

      • ShepherdPie@midwest.social
        link
        fedilink
        English
        arrow-up
        5
        ·
        5 months ago

        Those do absolutely nothing to stop someone from stealing a car as they attach to your steering wheel made of foam and plastic which takes seconds to cut through. They’ve only come back in to popularity due to grifters willing to sell people a false sense of security.

        • mightyfoolish@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          4 months ago

          To be fair, they add another minute or two to the time it takes to steal the car.

          I also feel these bars make your car harder to steal than the other car on the same block. If everyone is using them, you’re car is again only as hard to steal as that other car on the block. This could make it a target again.

          However, that update or a third party solution is going to do a whole lot more.

  • einlander@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    ·
    edit-2
    5 months ago

    I wasn’t going to get a new car any time soon. And my next car was going to be a Kia Soul. But I went with another brand. The Kia/Hyundai brand is hot right now. Crackheads and thieves aren’t trying to figure out if your car is affected, you still end up with an inoperpable car. Maybe in a few years it will die down.

    • TheIllustrativeMan@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 months ago

      That applies to every manufacturer, and no, there isn’t really a fix.

      It’s also not really happening in any meaningful numbers, at least yet…

      • JohnWorks@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 months ago

        “Hyundai and Kia aren’t alone in this high-tech fight. The same resellers offer console-like devices that can brute force key combinations for modern Infiniti, Lexus, Mercedes-Benz, Mitsubishi, Nissan, Subaru and Toyota vehicles, among other makes not sold in the U.S.”

        Didn’t even see that part in the article that’s concerning. Maybe not all manufacturers but a lot of them need to step their security up then.

        • TheIllustrativeMan@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          There really isn’t a way to realistically shield against relay attacks. Most people say “just go back go physical keys”, but those are even less secure.

          Phone-as-key and keycard systems are vulnerable in the same way.

    • RedAggroBest@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      4 months ago

      If it wasn’t eligible for the FIX (this is NOT an upgrade, you are entitled to them fixing this shit if it does effect you)maybe it wasn’t the right ignition system? My 2013 Elantra needed it and it seemed to be on the older end of cars who had the vulnerability.

  • Tautvydaxx@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    5 months ago

    You would all lough to your grave if you would see how shit is the immo system in these cars are. To add a new key to a car you have to read immo data of the car and than decode it to get a password to make the key. In these cars you just sit in the car, make the car go into add key mode and than just touch the key to antena, and thats it, no passwords no immo data reading.

    • ayyy@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      4 months ago

      Your “make the car go into add key mode” statement is doing a ton of heavy lifting here, cryptographically speaking.

      • Tautvydaxx@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        4 months ago

        No its not, you just send a comand, there are no crypto, passwords, pins, secret comands or special tool. Thats why i sayed its shit and you would lough to your grave. As i see you may know something about cars, get a new hyundai, connect a simple passtrough and inject “ 41 64 64 6B 65 79 “ than touch NOT A KEY, but an empty chip without even an antena. And than come back and tell me your results, how a comand does a lot of heavy lifting.

  • LazaroFilm@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    16
    ·
    edit-2
    5 months ago

    Has biometric been considered for cars? I mean it’s used for phones and computers, why no cars. Maybe in addition to a key/fob. If it senses the fox and your biometrics (either finger or face or both even) it will start the car. If the car doesn’t recognize your biometrics, then you need to enter the key in the vehicle to start it. If it recognizes you can start it.

    • czech@lemm.ee
      link
      fedilink
      English
      arrow-up
      38
      ·
      5 months ago

      We’ve already solved this issue without biometrics. The manufacturers just cheaped out on actually implementing it in the affected models.

    • barsquid@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      5 months ago

      Given that car manufacturers cannot stop themselves from sending fuckloads of data about drivers, I do not want them to have any biometric scanners whatsoever.

    • Shirasho@lemmings.world
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      2
      ·
      5 months ago

      I have never had a phone that has successfully unlocked the first time using biometrics. I wouldn’t say it is a solved problem or a solution. There are also implications with law enforcement when using biometrics. They can’t force you to unlock something with a password, but they can forcefully unlock something with your fingerprint.

      • bandwidthcrisis@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        5 months ago

        The older fingerprint readers that were on the back or below the screen worked perfectly and near-instantly (I’ve used several Nexus, Pixel and Moto phones).

        At least some of the newer in-screen readers are slow and unreliable. I’ve heard that the ultrasonic ones are better.

      • barsquid@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        5 months ago

        The 5th Amendment is a nonissue here. If they have a warrant for your phone and you don’t give up the password it is hard to get in. If they have a warrant for your car and you don’t open it for them they will just smash a window. I doubt our cars are bothering to encrypt any of the ridiculous amounts of telemetry they collect.

    • TheIllustrativeMan@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      4 months ago

      Ironically, I think Hyundai is the only company currently doing biometrics. They have a face unlock and fingerprint start on the GV60 in some markets iirc.