396 sats \ 1 reply \ @fanis 27 Sep
TL;DR:
- Kia didn't properly protect its endpoint for registering new dealers, allowing anyone to register as a car dealer
- with dealer privilege, you can access a car owner's personal details from Kia's API, using only their vehicle's VIN, which can be derived from their license plate
- you can even revoke their ownership of the vehicle, and put yourself as owner instead. Being owner means you can unlock, lock, or even start the car from the Kia app. You basically just stole the car, and there was no notification alerting the actual owner.
Now go read the full thing, it's pretty well-written.
10 sats \ 0 replies \ @OT 27 Sep
This is why I like old cars for the time being.
I should also admit that I'm interested in the idea of when everyone has driverless cars and we all get around without traffic and can spend that time doing other productive stuff. But the bugs need to be ironed out first.
10 sats \ 0 replies \ @DarthCoin 27 Sep
Hack this one...
10 sats \ 0 replies \ @SnowyLND 27 Sep
I'd rather not have a full-tech car. Older cars with more mechanics than techs are the best.
0 sats \ 0 replies \ @LowK3y19 27 Sep
Oh no they stole my Kia!