A group of security researchers discovered critical flaws in Kia's dealer portal that could let hackers locate and steal millions of Kia cars made after 2013 using just the targeted vehicle's license plate.
Well, the concerning thing for me is less the hack as much as this connected system having these capabilities in the first place. A dealer should not be able to open and start my car without my keys (or a copy of them), a physical lock pick or a pry bar...
The flaws also exposed car owners' sensitive personal information, including their name, phone number, email address, and physical address, and could have enabled attackers to add themselves as a second user on the targeted vehicles without the owners' knowledge.