Kia: Difference between revisions - Consumer Rights Wiki

(3 intermediate revisions by 2 users not shown)

Line 13:

==Consumer-impact summary==

Kia has explicitly designed Kia Connect as a closed platform. In 2025, the company added CAPTCHA-based authentication to its EU login process <ref>https://github.com/Hyundai-Kia-Connect/hyundai_kia_connect_api/issues/855</ref>, which disrupted community integrations such as [https://evcc.io/en evcc], [https://github.com/Hyundai-Kia-Connect/hyundai_kia_connect_api hyundai_kia_connect_api], [https://github.com/Hyundai-Kia-Connect/kia_uvo Home Assistant], and others. These projects had previously enabled features such as retrieving the state of charge, smart charging with renewable energy, and integration into smart homes.

Kia has explicitly designed Kia Connect as a closed platform. In 2025, the company added CAPTCHA-based authentication to its EU login process <ref>{{Cite web |last=@Jesus-M |date=2025-08-07 |title=EU login error (again) #855 |url=https://github.com/Hyundai-Kia-Connect/hyundai_kia_connect_api/issues/855 |url-status=live |archive-url=https://web.archive.org/web/20250903172139/https://github.com/Hyundai-Kia-Connect/hyundai_kia_connect_api/issues/855 |archive-date=2025-09-03 |website=[[GitHub]]}}</ref>, which disrupted community integrations such as [https://evcc.io/en evcc], [https://github.com/Hyundai-Kia-Connect/hyundai_kia_connect_api hyundai_kia_connect_api], [https://github.com/Hyundai-Kia-Connect/kia_uvo Home Assistant], and others. These projects had previously enabled features such as retrieving the state of charge, smart charging with renewable energy, and integration into smart homes.

When asked about an official interface, Kia responded that “the Kia Connect ecosystem is designed as a closed platform” <ref>https://github.com/evcc-io/evcc/issues/23147#issuecomment-3229600956</ref> and that “an implementation of a public API is currently not planned due to security concerns” <ref>https://github.com/evcc-io/evcc/issues/23147#issuecomment-3233590258</ref>.

When asked about an official interface, Kia responded that “the Kia Connect ecosystem is designed as a closed platform” <ref>{{Cite web |last=@astrakid |date=2025-08-27 |title=Since Kia API update: vehicle soc: timeout #23147 |url=https://github.com/evcc-io/evcc/issues/23147#issuecomment-3229600956 |url-status=live |archive-url=https://web.archive.org/web/20251210182819/https://github.com/evcc-io/evcc/issues/23147 |archive-date=2025-12-10 |website=[[GitHub]]}}</ref> and that “an implementation of a public API is currently not planned due to security concerns” <ref>{{Cite web |last=@Snited |date=2025-08-28 |title=Since Kia API update: vehicle soc: timeout #23147 |url=https://github.com/evcc-io/evcc/issues/23147#issuecomment-3233590258 |url-status=live |archive-url=https://web.archive.org/web/20251210182819/https://github.com/evcc-io/evcc/issues/23147 |archive-date=2025-12-10 |website=[[GitHub]]}}</ref>.

==Incidents==

===Security vulnerability (2024)===

Researchers disclosed flaws in Kia’s European web portal that allowed remote control of vehicle functions, including unlocking doors, starting engines, and tracking location, using only a license plate number. The vulnerability was patched after disclosure <ref>{{Cite web|url=https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/|~~title=Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug|first~~=~~Andy~~|~~last~~=~~Greenberg|date=2024~~-09-26|~~work~~=~~Wired~~|access-date=2025-08-26}}</ref><ref>{{Cite web|~~url~~=~~https://samcurry.net/hacking~~-~~kia~~|title=Hacking Kia: Remotely Controlling Cars With Just a License Plate|~~date~~=~~2024~~-09-20|~~work~~=samcurry|access-date=2025-08-28}}</ref>.

Researchers disclosed flaws in Kia’s European web portal that allowed remote control of vehicle functions, including unlocking doors, starting engines, and tracking location, using only a license plate number. The vulnerability was patched after disclosure <ref>{{Cite web |last=Greenberg |first=Andy |date=2024-09-26 |title=Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug |url=https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/ |url-status=live |archive-url=http://web.archive.org/web/20251216145111/https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/ |archive-date=16 Dec 2025 |access-date=2025-08-26 |work=[[Wired]]}}</ref><ref>{{Cite web |date=2024-09-20 |title=Hacking Kia: Remotely Controlling Cars With Just a License Plate |url=https://samcurry.net/hacking-kia |url-status=live |archive-url=http://web.archive.org/web/20260111141618/https://samcurry.net/hacking-kia |archive-date=11 Jan 2026 |access-date=2025-08-28 |work=[[samcurry.net]]}}</ref>.

==See also==

@@ Line 13: / Line 13: @@
 ==Consumer-impact summary==
-Kia has explicitly designed Kia Connect as a closed platform. In 2025, the company added CAPTCHA-based authentication to its EU login process <ref>https://github.com/Hyundai-Kia-Connect/hyundai_kia_connect_api/issues/855</ref>, which disrupted community integrations such as [https://evcc.io/en evcc], [https://github.com/Hyundai-Kia-Connect/hyundai_kia_connect_api hyundai_kia_connect_api], [https://github.com/Hyundai-Kia-Connect/kia_uvo Home Assistant], and others. These projects had previously enabled features such as retrieving the state of charge, smart charging with renewable energy, and integration into smart homes.
+Kia has explicitly designed Kia Connect as a closed platform. In 2025, the company added CAPTCHA-based authentication to its EU login process <ref>{{Cite web |last=@Jesus-M |date=2025-08-07 |title=EU login error (again) #855 |url=https://github.com/Hyundai-Kia-Connect/hyundai_kia_connect_api/issues/855 |url-status=live |archive-url=https://web.archive.org/web/20250903172139/https://github.com/Hyundai-Kia-Connect/hyundai_kia_connect_api/issues/855 |archive-date=2025-09-03 |website=[[GitHub]]}}</ref>, which disrupted community integrations such as [https://evcc.io/en evcc], [https://github.com/Hyundai-Kia-Connect/hyundai_kia_connect_api hyundai_kia_connect_api], [https://github.com/Hyundai-Kia-Connect/kia_uvo Home Assistant], and others. These projects had previously enabled features such as retrieving the state of charge, smart charging with renewable energy, and integration into smart homes.
-When asked about an official interface, Kia responded that “the Kia Connect ecosystem is designed as a closed platform” <ref>https://github.com/evcc-io/evcc/issues/23147#issuecomment-3229600956</ref> and that “an implementation of a public API is currently not planned due to security concerns” <ref>https://github.com/evcc-io/evcc/issues/23147#issuecomment-3233590258</ref>.
+When asked about an official interface, Kia responded that “the Kia Connect ecosystem is designed as a closed platform” <ref>{{Cite web |last=@astrakid |date=2025-08-27 |title=Since Kia API update: vehicle soc: timeout #23147 |url=https://github.com/evcc-io/evcc/issues/23147#issuecomment-3229600956 |url-status=live |archive-url=https://web.archive.org/web/20251210182819/https://github.com/evcc-io/evcc/issues/23147 |archive-date=2025-12-10 |website=[[GitHub]]}}</ref> and that “an implementation of a public API is currently not planned due to security concerns” <ref>{{Cite web |last=@Snited |date=2025-08-28 |title=Since Kia API update: vehicle soc: timeout #23147 |url=https://github.com/evcc-io/evcc/issues/23147#issuecomment-3233590258 |url-status=live |archive-url=https://web.archive.org/web/20251210182819/https://github.com/evcc-io/evcc/issues/23147 |archive-date=2025-12-10 |website=[[GitHub]]}}</ref>.
 ==Incidents==
 ===Security vulnerability (2024)===
-Researchers disclosed flaws in Kia’s European web portal that allowed remote control of vehicle functions, including unlocking doors, starting engines, and tracking location, using only a license plate number. The vulnerability was patched after disclosure <ref>{{Cite web|url=https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/|title=Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug|first=Andy|last=Greenberg|date=2024-09-26|work=Wired|access-date=2025-08-26}}</ref><ref>{{Cite web|url=https://samcurry.net/hacking-kia|title=Hacking Kia: Remotely Controlling Cars With Just a License Plate|date=2024-09-20|work=samcurry|access-date=2025-08-28}}</ref>.
+Researchers disclosed flaws in Kia’s European web portal that allowed remote control of vehicle functions, including unlocking doors, starting engines, and tracking location, using only a license plate number. The vulnerability was patched after disclosure <ref>{{Cite web |last=Greenberg |first=Andy |date=2024-09-26 |title=Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug |url=https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/ |url-status=live |archive-url=http://web.archive.org/web/20251216145111/https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/ |archive-date=16 Dec 2025 |access-date=2025-08-26 |work=[[Wired]]}}</ref><ref>{{Cite web |date=2024-09-20 |title=Hacking Kia: Remotely Controlling Cars With Just a License Plate |url=https://samcurry.net/hacking-kia |url-status=live |archive-url=http://web.archive.org/web/20260111141618/https://samcurry.net/hacking-kia |archive-date=11 Jan 2026 |access-date=2025-08-28 |work=[[samcurry.net]]}}</ref>.
 ==See also==