Hyundai and Kia has released a software update to address a serious theft vulnerability exposed by a group of petty criminals on TikTok.
Over four million Kia and Hyundais have been exposed by a group of people in the US calling themselves The Kia Boys who post tutorials on how to steal certain 2011-22 Kia and Hyundai vehicles using only a USB cable.
This vulnerability isn’t present in Australian-market vehicles, however, with our government having mandated immobilisers in all new cars from July 1, 2001. These are now standard-fit on all US-market Hyundai and Kia models from 2022.
Hyundai and Kia have confirmed they will have a software update for most vehicles lacking an immobiliser and have plans to roll out the update starting with their most popular models.
The software update will include an extension to the alarm from 30 seconds to one minute and will require a key to be in the ignition switch to turn the vehicle on.
Hyundai says it will only take an hour for a dealership to implement the update via and upon completion, owners will receive a window decal to ward off potential thieves.
The first models to receive the software update are the 2017-20 Elantra, 2015-19 Sonata and 2020-21 Venue, and Hyundai is working on an update for other affected vehicles including the Palisade, Santa Fe and Tucson models with installations to begin around June 2023.
Kia will begin rolling out its updates this month, and will also follow a phased approach.
The National Highway Traffic Safety Administration (NHTSA) is encouraging owners of affected vehicles from between 2011 and 2022 to contact their local police department to obtain a steering wheel lock from a limited supply Hyundai and Kia have donated.
If one of the 26,000 wheel locks that Hyundai and Kia donated to local police aren’t available, Hyundai is also offering customers a refund for the purchase of a brand new steering wheel lock until the software update can be applied.
According to the NHTSA, the viral trend thus far has seen 14 reported accidents and eight fatalities as a result of the thefts.
Earlier this month, the Colorado Springs Police Department announced several juveniles were charged in connection to stolen vehicles, while in Chicago three 13-year old boys were arrested following a fatal crash involving a stolen Kia.
Essentially the method is nothing more than using the stumpy end of a USB cable as a makeshift socket to turn the ignition and override the security after smashing the plastic surrounds from the steering column.
It still requires the criminal to find a vehicle with an open door, or smash a window to gain access to the interior. The method doesn’t circumvent an aftermarket immobiliser or alarm system, however the thieves can potentially avoid setting off the factory alarm by climbing in the window instead of opening the door.