Hyundai wants Ioniq 5 owners to pay to fix security vulnerability

Hyundai in the UK is offering owners of its Ioniq 5 electric car an “optional” security update that is supposed to protect their cars from being stolen using a Game Boy-like device. The update involves hardware and software changes and costs £49 ($65). According to The Verge, its goal is to prevent the use of portable devices that allow you to unlock and start your car without a key.

In recent years, there has been a rise in thefts of Kia, Hyundai and Genesis models in the UK and beyond, due to a vulnerability in Hyundai Motor Group's wireless protocols. Among the most vulnerable are the Ioniq 5, Kia EV6 and Genesis GV60. The Game Boy-like device, which is believed to have been developed by European hackers, has been in use for more than five years. It intercepts the signal coming from the door handle, decodes it and sends a fake signal to make the car "believe" that the key is present. The engine is then started using the same method.

Back in 2020, The Drive reported that this device allows you to steal a car with a simple push of a button, without the need for complex relay attacks on the signal. In Europe, its price reaches €20,000, but it is widely used to steal various car brands. By the way, in 2024, the Hyundai Ioniq and Kia EV6 were on the list of the most stolen cars in the UK.

Despite a five-year warranty, Hyundai is asking owners to pay to fix the vulnerability, which raises questions. Researchers also found other security issues last year, including in Kia's web portal that allowed cars to be unlocked and started remotely. In 2023, Hyundai and Kia already agreed to pay $200 million in the Kia Boyz case, where attackers bypassed protection using a USB cable.

Thus, Hyundai is trying to reduce the risks of theft due to a known vulnerability, but does so at an additional cost to owners, which is causing a mixed reaction.