Millions of Toyota, Hyundai, Kia Car Keys Highly Vulnerable to Cloning: Report
Like Gone in 60 Seconds, but with a Kia Rio instead of a Ferrari.
Thieves are coming for your Camry, and may be able to use your car's own key to get access. If you’ve seen the classic movie Gone in 60 Seconds—the “good” one with Nicholas Cage—you’ve seen something like this in action. In the film, they used a device to read the signals from cars’ key fobs and then use it to unlock and steal the vehicle. This is kind of like that, but much less exciting. Instead of a posse of outlaw car bandits chasing a mythical Ford Mustang, tech-savvy car thieves may be able to gain access to Toyota, Hyundai, and Kia vehicles, all of which use the same Texas Instruments encryption technology. According to, European researchers there are potential holes in the security technology that could leave many vehicles open to attack.
These "holes" in the system means that a thief can steal the key’s signal by using an RFID reader or transmitter device. The signal can be “stolen” by holding the device nearby when the car’s owner uses the fob to lock or unlock the vehicle and then used to trick the vehicle into thinking there’s a legitimate key nearby.
Despite using encryption to protect the signal, researchers were able to discover the vulnerability quite easily by reverse-engineering the vehicles’ firmware, Gizmodo reports. Toyota vehicles actually send the key’s serial number along with an encrypted signal, but Hyundai and Kia vehicles send a random 24-digit number as protection. Researchers told Wired that the 24-bit protection measures could be easily hacked in a “couple of milliseconds on a laptop,” but they didn’t make their exact methodologies public.
Hyundai stated to the outlet that none of their affected vehicles are sold in the United States while Toyota claims that its vulnerable vehicles are from older model years. The full list is quite extensive, and can be seen below. The most interesting thing about this list of cars is that Tesla has already been through the wringer over its key vulnerabilities. Though it shows up on the list, the company issued a fix that was meant to remedy the problem, which researchers say has worked. The solution involved an over-the-air software update and a push to reprogram keyless entry modules.
Got a tip? Send us a note: firstname.lastname@example.org