Get all your news in one place.
100’s of premium titles.
One app.
Start reading
The Street
The Street
James Ochoa

Forget the Kia Boyz, a new exploit leaves Kias and Hyundais vulnerable

South Korean automaker Hyundai and its sister company Kia have been through the ringer. when it came to a notorious security vulnerability that was exposed through the power of social media.

The infamous "Kia Boyz" sprang a wave of auto thefts from 2021 to 2023, where Hyundai and Kia vehicles were targeted due to the lack of a vital security feature called an immobilizer, rendering them easy to drive without a key. 

Related: The bare minimum is working wonders for Elon Musk

In "instructional" videos that have gone viral on social media platforms like TikTok, thieves demonstrated how easy it was to steal such vehicles, as it only required 35 seconds and rudimentary tools like a flat-head screwdriver and a USB charging cable for a smartphone.

While Kia and Hyundai have introduced fixes for vehicles targeted by the Kia Boyz, thieves have evolved and a new vulnerability is affecting vehicles that are crucial to the Korean automaking duo's future in the industry. 

A new breed of "Kia Boyz"

A Hyundai Ioniq 5 at Everything Electric London 2024 on March 28, 2024 

John Keeble/Getty Images

As per a report by Inside EVs, brazen auto thieves are targeting Hyundai and Kia EVs, but are cut from a different cloth from the "Kia Boyz" exposed on TikTok's For You page. 

Compared to the Kia Boyz, the thieves targeting these EVs act more like enterprising cybercriminals, as their methods exploit vulnerabilities in vehicle software. 

Screwdrivers and USB smartphone charging cords are replaced by a sophisticated piece of technology known as an "emulation device," an amalgamation of radio transmission gadgetry stuffed into a device with the form factor of an old-school Nintendo Game Boy or similar devices. 

These "Game Boys" do not accept game cartridges of the video game Grand Theft Auto, rather it allows people to commit the crime of actual grand theft auto. 

Kia EV6 fully electric EV car at Everything Electric London 2024 on March 28, 2024

John Keeble/Getty Images

Basically, these devices are designed to emulate, or replicate the characteristics of a key. In practice, a thief would walk up to a Ioniq 5 or Kia EV6 that they seek to steal and touch the door handle. 

By touching the door handle, the car actively starts to look for the owner's key to unlock the car. The thief would then activate a program that talks to the car, convincing it that the thief is holding the key to the car. By using the program, the device generates codes that would identify the device as the actual key. 

Related: CDK Global expects software outage to end soon, as dealers lawyer up

When the program finds the code (which can take a matter of seconds), the device is as good as the actual key and can be used to lock, unlock and commandeer the car. Additionally, once thieves get a good distance away, they can easily pull out the car's connectivity devices, which can render any type of tracking useless.

Gone in 25 Seconds

In one video taken from a home surveillance camera, it took a duo of thieves 25 seconds to take a Hyundai Ioniq 5 from a driveway. 

These devices have been around for some time and carry some pretty hefty price tags. A 2020 report from The Drive showed that a Bulgarian entity producing such devices charged the equivalent of $25,000 for a unit.

According to one reseller of the device investigated by InsideEVs, the device is capable of stealing EVs like the Hyundai Ioniq 5, the Kia EV6, the GV60 from Hyundai's luxury Genesis brand as well as gas-powered cars like the Kia Niro, Forte, and K5.

More Business of EVs:

But for such an expensive device, thieves are getting their money's worth. 

Robert Whiteside told British tabloid newspaper The Sun in October 2023 that thieves nicked his Hyundai Ioniq 5 from right in front of his South London home while he was away on vacation in Cyprus. 

He found out that his car was being stolen from a notification from the Hyundai Bluelink app alerting him that his car was unlocked. Though he was able to remotley connect to his home surveilance system, the car had already vanished into thin air. 

"Two people walk up, open the car and drive off in a matter of seconds," he said.

"We were shocked and being away from the UK had challenges reaching the police via 999 so had to resort to other channels. I then realised the thief had removed me from the Bluelink App so I had no visibility of the car’s status or location."

Related: Veteran fund manager sees world of pain coming for stocks

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.