
Flaw on the website enabled remote control of the cars


Millions of Kia vehicles could be hacked and tracked, and their data copied, thanks to a single website.

To hack the Kia vehicles, four security researchers used only the corresponding license plate. The developers discovered the vulnerabilities as early as June of this year. The attacks could be carried out remotely on all modern vehicles within around 30 seconds. The hack did not require an active Kia Connect subscription.

But that wasn't all. Personal information such as the name, telephone number, email address and postal address of those affected could be requested unnoticed. The concern is that all of this would have happened without the knowledge of those affected and without being visible to them. Control over the vehicle would then have been handed over to the hacker.

The manufacturer has since fixed the vulnerabilities on the official Kia website. The tool by Neiko Rivera, Sam Curry, Justin Rhinehart and Ian Carroll was never in circulation. The Kia team has confirmed that, to its knowledge, the vulnerabilities were not exploited maliciously.

Report on security vulnerabilities

A few years ago, the researchers searched for security vulnerabilities at more than a dozen different automobile manufacturers. They found critical problems that would have made it possible to remotely activate and start around 15.5 million vehicles. The reaction to this was considerable. Paul Roberts, founder and editor-in-chief of The Security Ledger, gave a statement on these findings in the American Congress.

So the time had come to examine some of the larger companies again. The researchers wanted to know whether there were new security vulnerabilities, but no one received any money. The first company they turned to was Kia. They focused on the website owners.kia.com and the Kia Connect iOS app com.myuvo.link. Both applications were interesting because they could execute commands on the vehicle over the Internet.

The owners website and the mobile app did not work the same way. The owners website used a backend reverse proxy to forward user commands to the backend service api.owners.kia.com, which was responsible for actually executing them, whereas the mobile app instead accessed this API directly.

An HTTP request that the website owners.kia.com passes on as an API request to the host api.owners.kia.com is an authorization of the data. When an HTTP request is sent via the website owners.kia.com, the Kia backend generates a Sid session ID header for the backend API, using the JSESSIONID as authentication.

The forwarded HTTP request then reaches the API at api.owners.kia.com. The relevant headers in the HTTP request are the Sid (session token) and the Vinkey (a UUID that maps to the vehicle identification number, VIN). Other headers were included, but these two were all that was required for access to the API itself. Both HTTP requests looked similar to those seen in 2023, when the earlier Kia vulnerabilities were found.


Kia dealer infrastructure in the crosshairs

The researchers examined how Kia handles vehicle activation for new purchases. At the dealer, Kia asks for an email address, to which a registration link for the vehicle is sent. With it, the buyer can either register a new Kia account or add the new vehicle to an existing Kia account. The four hackers took a closer look at the emails that the system sends. The registration takes place on the domain kiaconnect.kdealer.com, which was still unknown to them.

In the website's JavaScript code they found interesting APIGW calls. These were intended only for employees. They covered dealer functionality such as contact, registration, notification and many more actions via the API. As a test, the researchers sent an HTTP request to the dealer APIGW endpoint with their own dealer token (Appid header) and the vehicle identification number (VIN) of a vehicle that the researchers owned.