On June 11th, 2024, we discovered a set of vulnerabilities in Kia vehicles that allowed remote control over key functions using only a license plate. These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription.
Additionally, an attacker could silently obtain personal information, including the victim's name, phone number, email address, and physical address. This would allow the attacker to add themselves as an invisible second user on the victim's vehicle without their knowledge.
Attackers roamed the systems of Avis Car Rental, a major car rental service provider, for several days, accessing data of nearly 300,000 individuals.
Malicious actors breached Avis systems on August 3rd and roamed inside the system for three days until the company secured its networks.
The company’s data breach notification letter, submitted to the Maine Attorney General’s Office, states that Avis discovered the breach on August 5th, indicating it took at least one day to kick the malicious actors out.
Making Software I am a programmer by nature. I now had root access to a cool new linux box so now I must develop software for it. The Goal While looking through many of the IVI’s files, I found tons of really cool C++ header files relating to ccOS in /usr/include. ccOS is the Connected Car Operating System, an OS developed by Nvidia and Hyundai which is supposed to power all Hyundai vehicles from 2022 onwards, but I guess some of the underlying system was in previous Hyundai vehicles for quite some time.