So, I still receive telemetry information from my old lease car, a Kia e-Niro, to my app. A huge, HUGE privacy issue.

I made sure to remove my profile from the car before turning it in, and to do a factory reset of the car’s software.

I can see everything: AC, whether there are doors open, odometer, and above all, location.

Also tried to see if I can turn off the AC, but any commands throw an error, so disabling my account on the car at least did something 😅

I had it in the Netherlands, it’s in Poland, and it looks like it’s on its way to Ukraine.

Kia, you need to check your security.

Edit:

Holy shit it gets real bad. I can lock and unlock the car.
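What the post describes is an authorization check applied inconsistently across vehicle-scoped endpoints: the command path rejects the old account, but the telemetry path (and, per the edit, lock/unlock) still serves it. The block below is an added, hypothetical model written for this page, not Kia's code or API, to show the failure mode and the fix. All names (`Backend`, `Binding`, the VIN string, the sample telemetry) are constructed for the example.

```python
"""
Hypothetical model of a connected-car backend's account-to-vehicle binding.
Added example for illustration only; nothing here is Kia's code or API.

Shows the bug from the post: after a factory reset / lease return the
binding is revoked, so the command endpoint fails, but a telemetry endpoint
that only checks "was this account ever paired" keeps leaking location.
"""
from dataclasses import dataclass, field
from enum import Enum


class BindingState(Enum):
    ACTIVE = "active"
    REVOKED = "revoked"


@dataclass
class Binding:
    account: str
    vin: str
    state: BindingState = BindingState.ACTIVE


@dataclass
class Backend:
    bindings: list = field(default_factory=list)
    telemetry: dict = field(default_factory=dict)  # constructed sample data, keyed by VIN

    def pair(self, account: str, vin: str) -> None:
        self.bindings.append(Binding(account, vin))

    def factory_reset(self, vin: str) -> None:
        # Reset / ownership transfer: every existing binding for the VIN is revoked.
        for b in self.bindings:
            if b.vin == vin:
                b.state = BindingState.REVOKED

    def _has_active_binding(self, account: str, vin: str) -> bool:
        return any(b.account == account and b.vin == vin and b.state is BindingState.ACTIVE
                   for b in self.bindings)

    def _was_ever_paired(self, account: str, vin: str) -> bool:
        # Ignores state: a revoked binding still counts. This is the bug.
        return any(b.account == account and b.vin == vin for b in self.bindings)

    def send_command(self, account: str, vin: str, command: str) -> str:
        # Command path checks the live binding, so the old account gets an error.
        if not self._has_active_binding(account, vin):
            raise PermissionError("no active binding")
        return f"{command} accepted for {vin}"

    def get_telemetry_flawed(self, account: str, vin: str) -> dict:
        # Flawed read path: gated on historical pairing, not on an active binding.
        if not self._was_ever_paired(account, vin):
            raise PermissionError("never paired")
        return self.telemetry[vin]

    def get_telemetry(self, account: str, vin: str) -> dict:
        # Hardened: the same active-binding check on every vehicle-scoped endpoint.
        if not self._has_active_binding(account, vin):
            raise PermissionError("no active binding")
        return self.telemetry[vin]


def _attempt(fn) -> str:
    """Run a backend call and report whether authorization allowed it."""
    try:
        fn()
        return "ok"
    except PermissionError:
        return "denied"


def scenario() -> dict:
    """Replays the post: pair, return the car, then the old account tries each endpoint."""
    vin = "VIN-EXAMPLE-0001"  # constructed identifier
    be = Backend()
    be.telemetry[vin] = {"location": (52.37, 4.90), "doors_open": False, "ac_on": True}

    be.pair("old-lessee", vin)
    be.factory_reset(vin)          # car handed back, profile removed, reset done
    be.pair("new-owner", vin)      # next keeper pairs their own account

    return {
        "old_command": _attempt(lambda: be.send_command("old-lessee", vin, "ac_off")),
        "old_telemetry_flawed": _attempt(lambda: be.get_telemetry_flawed("old-lessee", vin)),
        "old_telemetry_fixed": _attempt(lambda: be.get_telemetry("old-lessee", vin)),
        "new_owner_telemetry": _attempt(lambda: be.get_telemetry("new-owner", vin)),
    }


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k}: {v}")
```

The point of the model is that revocation must be enforced on the read path and on every command path by one shared check; if a reset only revokes the binding that some endpoints consult, the previous keeper keeps whatever the unchecked endpoints expose.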

  • Nonagon ∞ Orc@lemmy.world · 22 up / 2 down · edited · 4 days ago

    Cybersecurity professional here, I’d read up on Kia’s responsible disclosure policy, to avoid any potential trouble, and for guidelines on how to disclose it to them and handle this ethically.

    https://www.kia.com/eu/vulnerability-disclosure/

    Unfortunately they don’t do bug bounties, which is too bad.

    Edit: I wouldn’t listen to people telling you to lock the car, exploit it in other ways, or disclose it to the media first. That is unethical at best and illegal at worst.

  • kcweller@feddit.nl (OP) · 34 up · 5 days ago

    I can lock and unlock a car that I don’t own. This is slightly worrisome, and my partner and I have just decided not to get an eNiro of our own 😅

    • SkyezOpen@lemmy.world · 6 up · 4 days ago

      Just don’t get a Kia period. They’re notorious for being stolen because their security is shit.

    • FordBeeblebrox@lemmy.world · 4 up · 4 days ago

      I used to work for AAA, which has a program called GIG (Get It Going) where you can rent a Prius in the Bay Area much like a Lime scooter. They had to stay connected, and EVERY SINGLE WEEKEND someone would take one up to hike in the mountains or drive down the coast, lose connection, and it would instantly go into lockdown mode. They would have to call for us to tow a dead car they couldn’t even open to get their things out of.

      So hey, a bear or crackhead might do the killing for you if you get a WiFi car