Hyundai and Kia cars could be stolen with just a USB cable

(Image credit: Hyundai)

As many as four million Hyundai vehicles without push-button start and immobilizing anti-theft devices in the US are being targeted in the latest round of automotive attacks, with TikTok getting the blame.

The so-called ‘challenge’ on social media has uncovered how criminals can remove the steering column cover of certain models, uncovering a USB port that they can use to hotwire the car.

According to Los Angeles officials, the ‘Kia Boyz’ challenge resulted in a substantial 85% increase in the theft of Hyundai and Kia models compared with the previous year (via CNBC).

Hyundai and Kia thefts

In an announcement, Hyundai said that “all Hyundai vehicles produced since November 2021 are equipped with an engine immobilizer as standard equipment”. Despite this, the list of affected models is extensive:

2017-2020 Elantra
2015-2019 Sonata
2020-2021 Venue
2018-2022 Accent
2011-2016 Elantra
2021-2022 Elantra
2018-2020 Elantra GT
2011-2014 Genesis Coupe
2018-2022 Kona
2020-2021 Palisade
2013-2018 Santa Fe Sport
2013-2022 Santa Fe
2019 Santa Fe XL
2011-2014 Sonata
2011-2022 Tucson
2012-2017, 2019-2021 Veloster

The first three models emphasized in italics in the above list are already eligible for a software update, which must be performed at an authorized dealership and can take as long as an hour. The remaining models are expected to get a patch by June 2023.

In the meantime, Hyundai promises to be distributing free steering wheel locks to law enforcement agencies, which are to be supplied to owners and leasers of affected models. It will also install window stickers on fixed vehicles to notify criminals of their upgraded security. However, there are some models that cannot accommodate the software fix. The company says:

> These are the best endpoint protection software choices around today

> Why API cyber attacks are one of the biggest threats this year

> Apple releases security fix for iPhone and Mac zero-day flaw, so update now

“For these customers, Hyundai is finalizing a program to reimburse them for their purchase of steering wheel locks. Hyundai will provide these customers with more detail in the very near future.”

Hyundai has set up a dedicated website for owners of the affected vehicles to check their vehicle identification numbers (VINs) and schedule the service.

Kia (part of the Hyundai Motor Group) is also reportedly affected by the hack and is due to issue a statement soon (via Bleeping Computer).

Protect your computer with the best antivirus software

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!