Hyundai facing legal action over car that can be stolen ‘effortlessly in seconds’ [Ioniq 5 and 6]
Posted by Bitter-Fly1230@reddit | cars | View on Reddit | 80 comments
FeralJesus69@reddit
Ah shit, here we go again
hi_im_bored13@reddit
But this method is no different to what you'd use with literally any other car with keyless entry
Its just hyundai bad = clicks
ChimRichaldsOBGYN@reddit
Right, just so I’m clear… thief purchases some kind of special scanner that figures out the car signal that’s being emitted mirrors it and then poof your car is gone?
Like this could be done on any car that has a wireless car fob for opening and closing car doors and starting the car? So basically like 99% of new cars these days?
RiftHunter4@reddit
Correct. Someone broke into my car this way. Because it mimics the keys, there's no alarms.
Full-Penguin@reddit
Just unlocking the doors is different than being able to start and drive away in it.
A ton of manufacturer's suffered from poor security on their Connected Car features and could be unlocked by simply typing the license plate number into a bit of code. No device needed other than a cell phone.
solarpurge@reddit
Uhh . . . source?
Full-Penguin@reddit
Which part?
https://samcurry.net/hacking-kia
https://samcurry.net/hacking-subaru
https://www.bitdefender.com/en-us/blog/hotforsecurity/hacking-cars-remotely-with-just-their-vin
There was a much more extensive list that included manufacturers from Ferrari to Jeep, but I don't have time to find that article right now.
For this part, I don't think I need to explain how rolling codes work in cars.
solarpurge@reddit
The license plate. Thats crazy. I'm glad I never subscribed to any of those services.
Medalineman@reddit
Generally, yes.
It hasn’t been a huge problem because of the cost of the scanners have been high enough to deter thieves from ‘investing’ in the tools.
When some of this stuff started blowing up ten-ish years ago, nobody saw a huge issue with the ‘hey you can steal a Tesla pretty easy, if you have this tool that costs similar to the entire cars msrp, and have the knowledge to use the system.’
Technology generally gets cheaper over time, but you also can’t extract value from a stolen car easily.
At this point, you’re spending tens of thousands* on the specialty equipment to joyride a car, or have a chop shop set up to sell parts, but if the scanners ever get to be pretty cheap, the kia boys phenomenon might come back.
*the last detailed article I saw on this claimed the signal scanner / repeaters good enough to steal cars were in this price range, but it’s been years since then.
scorp00@reddit
https://flipperzero.one/ $170 is all you need to steal a modern car with push button start
ChimRichaldsOBGYN@reddit
Gotcha! Yea I guess it just boggles my mind that there’s such a market for secondhand Hyundai/Kia parts out there. But this isn’t H/K’s fault necessarily anymore than any other car company. (Unless somehow it’s found that H/K’s system is less robust security-wise versus other car companies using similar tech. In which case … yikes for H/K)
My hope would be that this lawsuit forces some sort of added security step to help prevent this kind of hacking in the future. Cuz you know major car companies (Ford, Stellantis, H/K, etc) aren’t going to do anything more than the minimum (security wise) unless forced to so maybe this jumpstarts it.
Erigion@reddit
The thefts happening in the UK (which is where OP's article is about) seem to be exporting the stolen cars to other countries. They aren't parting them out.
CaptainGo@reddit
Yeah this is neither a new discovery nor is it just a Hyundai problem
Erigion@reddit
Yes. Here's a video that explains it, with help from an actual thief.
https://youtu.be/uHIwtiA963M?si=SEGUEK0hXP_5ia7v
WhipTheLlama@reddit
The problem is that car security is pathetically bad. A few companies need to be sued so they'll invest in more secure systems.
kobrons@reddit
Newer systems are harder to steal nowadays. At least on European cars because it will increase your insurance costs in certain markets quite significantly.
Sweet-Gushin-Gilfs@reddit
Well, they definitely earned their reputation. They only have themselves to blame for any bad press.
hi_im_bored13@reddit
Exactly, so there are plenty of legitimate issues concerning hyundai to write about, no need to generate clicks because it takes away from the real issues.
I don’t really see how hyundai should be singled out with bad press here, considering it’s a widespread issue across every manufacturer.
c172fccc@reddit
Isn’t this an issue with literrally any car with a smart key? That’s why my keys are in a bag.
skjall@reddit
While moving around sure, AFAIK my BMW keys are only active when they detect movement, so you can't just walk up to a car and relay the signal if the keys are stationary.
andrewia@reddit
That's a clever mitigation! Unfortunately I don't think other brands have replicated it.
kobrons@reddit
VW group had that in their older models and nowadays started with additional uwb antennas that make the Relais attack pretty much impossible.
kyonkun_denwa@reddit
Volvo has a clever approach, where the system software is programmed in Swedish and nobody has bothered learning how to steal them.
PotatoGamerXxXx@reddit
Software programmed in Swedish? I'm not a programmer but that sounds like bs.
David_Summerset@reddit
woooooooösh
Regaltiger_Nicewings@reddit
/r/woosh
ANJ-2233@reddit
I was assuming that was a joke!
FuckTheFourth@reddit
It's a joke
Ghost17088@reddit
Toyota key fobs can be turned off manually. Press the unlock button twice holding the lock button. The small LED will blink 4 times and that means the key is disabled.
Full-Penguin@reddit
Most have rolling codes, so the thief would need to be in range when the car was locked to get the updated rolling code to unlock. That would then change again to be able to start the car.
mrb4@reddit
I saw a video of guys doing this, going around with a giant antenna looking contraption in between a person's car and their house. They boosted the signal from the key and activated the keyless entry and apparently were also able to start the car this way.
I-Hate-You__@reddit
Yeah but BMW is smart... Bell curves and all that.
A_Right_Proper_Lad@reddit
My understanding is that UWB based keys can use time-of-flight calculations accurately enough to make relay attacks ineffective.
epicepee@reddit
Smart keys can be built so they're impossible to clone. Nothing is unbreakable, but they can be done much better than Hyundai has apparently done.
https://security.stackexchange.com/questions/250025/why-dont-car-keys-use-algorithms-like-rfc-4226
olov244@reddit
this is so stupid. I wouldn't buy a cat if I had to do that. I'd say disconnect the keyless system but it's probably so mixed in you can't
luke10050@reddit
Its even easier than that. In Australia we've been having problems of late model Holden Commodores (Chevy SS) being stolen. Effectively all a theif does is disable the vehicles horn by cutting a cable from outside the car, gaining physical access (not entirely required if you know what you're doing) and using a $300 Chinese scan tool that doesn't care about phoning home to the manufacturer to program a new key, unlock the car, start it and drive away.
Happens in about 60 seconds and it doesn't even matter if they have the keyfob or not.
Careful-Combination7@reddit
Turns out there's more than one way to steal a car
roombaSailor@reddit
I just download them.
ChainringCalf@reddit
You wouldn't!
RobsyGt@reddit
Only manufacturer I know of that doesn't have this issue is VW. They're KESSY system plus the key to sleep if it hasn't moved and the car also knows the last distance the just was away from it. So if another signal suddenly turns up next to the car it won't open.
ChainringCalf@reddit
Yeah, if this is a uniquely Hyundai issue, the article doesn't say anything to indicate that.
bobjr94@reddit
This keeps getting reposted. It can be done with any modern car, this isn't a Hyundai issue.
Full-Penguin@reddit
Not really. Being able to unlock a car by spoofing a key is one thing, being able to unlock and drive away is another thing completely.
I-Hate-You__@reddit
Bullshit the Germans don't have this problem.
Ftpini@reddit
I love keyless entry. But I’d give it up in a second to make this type of theft impossible.
That said the fix is clearly to use two factor authentication. Be it a fingerprint scanner or facial recognition at the car or even an Authenticator app on your phone.
They could go high tech and have the key be an actual computer that does more than just ping an endless all clear signal.
AwesomeBantha@reddit
I already dislike having to 2FA several times a week for my work email etc, having to pull out my phone and wait for it to scan my face every time I want to drive my car would drive me insane
tyfe@reddit
Oh yea, that's what we all need. Car companies having our fingerprints and facial recognition.
Ftpini@reddit
You think new cars don’t constantly scan and map your face? How do you think attention monitoring works?
ManokBoto@reddit
They been stealing Hellcats and other keyless systems like this for years, its not specifically a Hyundai problem
BigOldButt99@reddit
Well well well...
gaspeeee@reddit
the usual suspects
MasterK999@reddit
Can anyone explain why they don't put on-off switches on remotes now. These man-in-the-middle attacks have been known for years.
wanderingviewfinder@reddit
My question is, who's stealing Ioniq5 and 6s and why?
04limited@reddit
What ever happened to bladed keys with immobilizers? That seemed to be the pinnacle of ignition security.
goaelephant@reddit
Honestly, underrated technology
Same thing with manual seats. Manual seats are actually faster than power seats, and rarely fail 10-15 years down the line like power seats.
We really need to go backwards with some technology, we tried reinventing the wheel too much.
KEVLAR60442@reddit
Power seats are really nice when paired with a memory function and multiple drivers, though. And it's nice when power seats automatically move after opening the door to assist with egress.
I personally am fine with manual seats in anything, but I won't ever complain about a car not having manual seats.
hbs18@reddit
Power seats suck in coupes if you have someone getting in the back. You have to stand there, holding a button and waiting while it slowly moves forward so the passenger can enter, while with manual seats you'd just push it forward.
ChainringCalf@reddit
You have too many friends. Using the back seats was the first mistake.
BrewerAndHalosFan@reddit
They were my wife’s one request in her car. She’s 6’ and I’m 5’7” and doesn’t like adjusting the seat every time I drive the car
JustThall@reddit
Given recent popularity of squared wheels we are not in the right spot currently
I-Hate-You__@reddit
Killin' it
ymjcmfvaeykwxscaai@reddit
Pin to drive could be added to any car that uses a touchscreen. It's just an additional defense layer over the key and you can turn it on if you don't need the added protection. I park in a garage so I leave it off 24/7.
andrewia@reddit
I wonder if UWB mitigates this, since it uses latency to measure distance. In that case, keeping your keys in a Faraday cage and using phone-as-key with an NFC backup card would be a good mitigation.
Firereign@reddit
It does. Which is why, for many years, Teslas have been some of the least stolen cars (along with PIN-to-drive).
Tesla has many faults. The security of the cars is not one of them. It absolutely blows my mind that other manufacturers have not copied their approach.
Given that the vast majority of people buying a new car have a UWB-capable phone, this should even win over the bean counters: they get to save the cost of shipping a “proper key”, all they need to include with the car is a couple NFC keycards!
hotweiss@reddit
It does...
Firereign@reddit
Many people already have a suitable UWB key: their smartphone.
(And, in some cases, their smartwatch.)
ven_@reddit
UWB is accurate within a 30cm margin and should completely fix this kind of attack.
Shadow_Ass@reddit
Is this an US issue? Even a couple of months ago it was only reported heavily in the US that people have been stealing Hyundai and Kia vehicles. I never read about it in Europe. Maybe the thieves here are focusing more on the German brands and the Koreans aren't interesting enough.
Drone30389@reddit
IIRC the Hyundai mechanical key hack (commonly reported as a USB hack because a USB connector fit into the ignition but was only used to turn it) didn't work in Canada because Canada required immobilizers.
bigev007@reddit
Correct
Old_Acanthaceae5198@reddit
And it won't go anywhere. This is a shake down. It will be settled because folks love extortion.
Wiseguy_7@reddit
I'm sorry, I just thought the guy in the thumbnail was Jonny.
BloodDK22@reddit
Why would anyone steal a Hyundai? :)
cooky561@reddit
I drive a VW Up! and before that an old Mercedes, they were never stolen, keyless is not so easy to use I find it an attractive feature, and this is certainly making it look like a turn off.
Eggith@reddit
Dodge was having it done before it was cool
shellmiro@reddit
Ooh boy here we go again...
Kia Boys 2: Electric Boogaloo anyone?
Sun_Aria@reddit
We dem boyz
Jamaican_Dynamite@reddit
Damn. It's a rematch.
trivletrav@reddit
Is this drastically different from the current method deployed on pretty much all modern vehicles? Chargers and Lexus vehicles also have this same exact weakness no?
Same_Disaster117@reddit
After all the bullshit they still didn't fix this?!