Hyundai: Difference between revisions

Line 18:

In August 2025, a flaw was discovered in the security of Hyundai's wireless communications protocol which allows hackers with a "Game Boy-style" device to access the Ioniq 5 and gain physical access to the vehicle without the owner's consent. Hyundai is offering to fix this flaw in their production software for customers who pay a £49 charge.<ref name=":0">{{Cite web |last=Warren |first=Tom |date=2025-08-13 |title=Hyundai wants Ioniq 5 owners to pay to fix a keyless entry security hole |url=https://www.theverge.com/news/757205/hyundai-ioniq-5-security-upgrade-fix-game-boy-device-attacks?utm_source=tldrinfosec |url-status=live |website=The Verge}}</ref>

==Background==

===Background===

Keyless entry systems and push-button start systems in cars are becoming increasingly prevalent, offering drivers greater convenience and enhanced features like remote start. While these systems enhance the user experience, they have also introduced new security challenges, with criminals developing ways to exploit vulnerabilities. These systems have long been vulnerable to relay attacks, a broader issue in the automotive industry documented by security researchers. <ref>{{Cite journal |last=Francillon |first=Aurelien |last2=Danev |first2=Boris |last3=Capkun |first3=Srdjan |date=2010-10-21 |title=Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars |url=https://eprint.iacr.org/2010/332.pdf |journal=Cryptology ePrint Archive |via=Cryptology ePrint Archive}}</ref> Previous incidents (e.g., Kia “USB hacks”<ref>{{Cite web |last=Stumpf |first=Rob |date=2022-08-02 |title=How Thieves Are Stealing Hyundais and Kias With Just a USB Cable |url=https://www.thedrive.com/news/how-thieves-are-stealing-hyundais-and-kias-with-just-a-usb-cable |url-status=live |access-date=2025-08-20 |website=The Drive}}</ref> and BMW relay thefts<ref>{{Cite web |date=2023-11-27 |title=BMW stolen with “ Remote Relay Attacks “ |url=https://www.ixforums.com/threads/bmw-stolen-with-%E2%80%9C-remote-relay-attacks-%E2%80%9C.2732/ |url-status=live |access-date=2025-08-20 |website=iXforums}}</ref>) illustrate a systemic security problem across the industry.

==Hyundai's response==

===Hyundai's response===

Hyundai put out a statement on their website:<ref>{{Cite web |date=2025-08-20 |title=Security and Locking Systems |url=https://www.hyundai.com/uk/en/owners/owning-a-hyundai/security-and-locking-systems.html |url-status=live |archive-url=https://web.archive.org/web/20250821053423/https://www.hyundai.com/uk/en/owners/owning-a-hyundai/security-and-locking-systems.html |archive-date=2025-08-21 |access-date=2025-08-20 |website=Hyundai}}</ref><blockquote>All vehicles produced by Hyundai are developed and certified in accordance with all applicable security and regulatory standards in place at the time of production and sale, including the applied security systems installed.

Line 28:

As part of the Company’s commitment to supporting our customers, we are able to offer a subsidised software and hardware upgrade for a customer contribution of £49.</blockquote>Hyundai’s statement frames the £49 charge as part of their “commitment to supporting customers,” describing the fix as a “subsidised upgrade.” However, this phrasing shifts attention away from the underlying issue—that customers are being asked to pay to address a security vulnerability in the company’s product. While the cost may be reduced, the language used makes it less clear that responsibility for the expense has been placed on owners rather than covered by the manufacturer.

==Customer backlash==

===Customer backlash===

Many consumers have expressed sharp frustration and disillusionment over Hyundai's handling of the Ioniq 5 keyless theft vulnerability.<ref name=":0" /><ref>{{Cite web |date=2025-03-29 |title=Hyundai facing legal action over car that can be stolen ‘effortlessly in seconds’ |url=https://www.reddit.com/r/technology/comments/1jmpo7g/hyundai_facing_legal_action_over_car_that_can_be/ |url-status=live |access-date=2025-08-20 |website=Reddit}}</ref> One notable case involves a digital security expert, whose Ioniq 5 was stolen in under 20 seconds using a handheld emulator device disguising itself as a Game Boy.<ref>{{Cite web |last=Ungoed-Thomas |first=Jon |date=2025-03-29 |title=Hyundai facing legal action over car that can be stolen ‘effortlessly in seconds’ |url=https://www.theguardian.com/technology/2025/mar/29/hyundai-facing-legal-action-over-car-that-can-be-stolen-effortlessly-in-seconds?utm_source=chatgpt.com |url-status=live |access-date=2025-08-20 |website=The Guardian}}</ref> The owner says Hyundai had warned him of other modifications the vehicle required, but failed to alert him and other motorists that its security systems were compromised.

@@ Line 18: / Line 18: @@
 In August 2025, a flaw was discovered in the security of Hyundai's wireless communications protocol which allows hackers with a "Game Boy-style" device to access the Ioniq 5 and gain physical access to the vehicle without the owner's consent. Hyundai is offering to fix this flaw in their production software for customers who pay a £49 charge.<ref name=":0">{{Cite web |last=Warren |first=Tom |date=2025-08-13 |title=Hyundai wants Ioniq 5 owners to pay to fix a keyless entry security hole |url=https://www.theverge.com/news/757205/hyundai-ioniq-5-security-upgrade-fix-game-boy-device-attacks?utm_source=tldrinfosec |url-status=live |website=The Verge}}</ref>
-==Background==
+===Background===
 Keyless entry systems and push-button start systems in cars are becoming increasingly prevalent, offering drivers greater convenience and enhanced features like remote start. While these systems enhance the user experience, they have also introduced new security challenges, with criminals developing ways to exploit vulnerabilities. These systems have long been vulnerable to relay attacks, a broader issue in the automotive industry documented by security researchers. <ref>{{Cite journal |last=Francillon |first=Aurelien |last2=Danev |first2=Boris |last3=Capkun |first3=Srdjan |date=2010-10-21 |title=Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars |url=https://eprint.iacr.org/2010/332.pdf |journal=Cryptology ePrint Archive |via=Cryptology ePrint Archive}}</ref> Previous incidents (e.g., Kia “USB hacks”<ref>{{Cite web |last=Stumpf |first=Rob |date=2022-08-02 |title=How Thieves Are Stealing Hyundais and Kias With Just a USB Cable |url=https://www.thedrive.com/news/how-thieves-are-stealing-hyundais-and-kias-with-just-a-usb-cable |url-status=live |access-date=2025-08-20 |website=The Drive}}</ref> and BMW relay thefts<ref>{{Cite web |date=2023-11-27 |title=BMW stolen with “ Remote Relay Attacks “ |url=https://www.ixforums.com/threads/bmw-stolen-with-%E2%80%9C-remote-relay-attacks-%E2%80%9C.2732/ |url-status=live |access-date=2025-08-20 |website=iXforums}}</ref>) illustrate a systemic security problem across the industry.
-==Hyundai's response==
+===Hyundai's response===
 Hyundai put out a statement on their website:<ref>{{Cite web |date=2025-08-20 |title=Security and Locking Systems |url=https://www.hyundai.com/uk/en/owners/owning-a-hyundai/security-and-locking-systems.html |url-status=live |archive-url=https://web.archive.org/web/20250821053423/https://www.hyundai.com/uk/en/owners/owning-a-hyundai/security-and-locking-systems.html |archive-date=2025-08-21 |access-date=2025-08-20 |website=Hyundai}}</ref><blockquote>All vehicles produced by Hyundai are developed and certified in accordance with all applicable security and regulatory standards in place at the time of production and sale, including the applied security systems installed.
@@ Line 28: / Line 28: @@
 As part of the Company’s commitment to supporting our customers, we are able to offer a subsidised software and hardware upgrade for a customer contribution of £49.</blockquote>Hyundai’s statement frames the £49 charge as part of their “commitment to supporting customers,” describing the fix as a “subsidised upgrade.” However, this phrasing shifts attention away from the underlying issue—that customers are being asked to pay to address a security vulnerability in the company’s product. While the cost may be reduced, the language used makes it less clear that responsibility for the expense has been placed on owners rather than covered by the manufacturer.
-==Customer backlash==
+===Customer backlash===
 Many consumers have expressed sharp frustration and disillusionment over Hyundai's handling of the Ioniq 5 keyless theft vulnerability.<ref name=":0" /><ref>{{Cite web |date=2025-03-29 |title=Hyundai facing legal action over car that can be stolen ‘effortlessly in seconds’ |url=https://www.reddit.com/r/technology/comments/1jmpo7g/hyundai_facing_legal_action_over_car_that_can_be/ |url-status=live |access-date=2025-08-20 |website=Reddit}}</ref> One notable case involves a digital security expert, whose Ioniq 5 was stolen in under 20 seconds using a handheld emulator device disguising itself as a Game Boy.<ref>{{Cite web |last=Ungoed-Thomas |first=Jon |date=2025-03-29 |title=Hyundai facing legal action over car that can be stolen ‘effortlessly in seconds’ |url=https://www.theguardian.com/technology/2025/mar/29/hyundai-facing-legal-action-over-car-that-can-be-stolen-effortlessly-in-seconds?utm_source=chatgpt.com |url-status=live |access-date=2025-08-20 |website=The Guardian}}</ref> The owner says Hyundai had warned him of other modifications the vehicle required, but failed to alert him and other motorists that its security systems were compromised.