For more than a year, Hyundai and Kia owners around the United States have watched their cars get stolen. Thieves have found that some of these vehicles are so easy to steal that they could get the job done with just a USB cable. Thousands of these cars continue to disappear from driveways, as stealing them has turned into a social media trend. Things appear to be getting worse, as a major insurance company appears to be declining to cover targeted vehicles.
Back in 2021, owners of thousands of Hyundai and Kia vehicles in Milwaukee, Wisconsin fell victim to a new trend. Thieves–sometimes teenagers following what they saw on social media–figured out that some Hyundai and Kia models are easy to steal. In 2021, Milwaukee residents were the victims of 10,479 vehicle thefts. Just a year before, the number was less than half at 4,500 vehicles stolen. Before the year was even out there was a clear difference in what was getting stolen, too. According to WISN 12 News, more than two-third of the cars stolen were Hyundai and Kia models.
This year, cities all over the United States from Grand Rapids, Michigan to Memphis, Tennessee are all seeing similar trends on their streets. Car thefts are on a sharp rise in those cities and as Carscoops reports, the two brands stick out as popular targets.
What’s Making These Cars So Attractive To Thieves?
As we reported last month, thieves have discovered that Hyundai and Kia vehicles with keyed ignitions can be started with just a USB cable. These people break into the vehicle by smashing a window. Then they pull apart the steering column before defeating the ignition switch and shoving in a USB cable.
Repair shops and police claim that the targeted vehicles don’t have immobilizers, from the Milwaukee Journal Sentinel:
Officials have determined that the models of Kia and Hyundai vehicles being targeted lack engine immobilizers, an electronic security device that makes it more difficult to start a vehicle without a key.
The vehicles being targeted are generally newer model years with keyed ignitions instead of a push-button start.
It’s unclear exactly which models and years don’t have immobilizers. As a reader pointed out last time, at least some Kia and Hyundai vehicles with keyed ignitions do have immobilizers. As a response to these claims, Hyundai and Kia say that as of the 2022 model year, all vehicles from both brands have immobilizers.
Either way, immobilizer or not, it seems based on what I’m seeing online that many of these vehicles can be stolen in less than a minute. And it doesn’t take any real skill to do it. I’m fairly sure that a 5-year-old could pull it off.
Stealing these cars has become a social media trend. Some who claim to steal these vehicles call themselves the Kia Boyz. In social media videos tagged or associated with the Kia Boyz, you can see allegedly stolen Kia/Hyundai vehicles driving recklessly on city streets, being driven into crowds of people, or intentionally leading police into chases. A recent video seems to show an allegedly stolen Hyundai being ditched into Lake Michigan:
https://www.youtube.com/watch?v=TGynNEXKXV0
I actually learned the process from a now-deleted how-to video from TikTok. And unfortunately, some people have died in crashes involving stolen Kia/Hyundai cars.
This has been horrifying for owners of these vehicles and families of the victims. Some of these people have stood by as their vehicles have been stolen before their eyes. But it still gets worse from there.
Kia And Hyundai Owners Face Insurance Issues
As ABC 7 News Denver reports, owners of some vehicles in Denver, Colorado are reportedly getting a cold shoulder from Progressive Insurance. As the report states, Progressive is declining to offer coverage on some new policies due to the rate some Kia and Hyundai models get stolen. Customers who request a quote are told that based on the vehicle information they provided, Progressive cannot offer a policy at that time.
Progressive has released this statement to ABC 7 News Denver:
“We’re committed to providing affordable insurance solutions for consumers based on the particular level of risk while also ensuring our policies are accurately priced. Due to the theft risk that some Hyundai and Kia vehicles present, in many cases it makes these vehicles difficult to insure, so we have adjusted our acceptance criteria for new business on some of these models. We’ll continue to monitor how this issue plays out, and are hopeful to be able to revisit our decision if the theft risk diminishes and community awareness improves,” the company statement said.
Those who aren’t getting their new policies declined are apparently seeing higher rates. ABC 7 News Denver further explains why this is happening:
Carole Walker with the Rocky Mountain Insurance Association said it’s unfortunate for owners of these vehicles, but insurance companies need to contain risk to keep premium costs low for their other customers.
“They’re also looking at the market that we’re in,” Walker said. “Colorado now tops the list for auto theft. So, your car insurance company is looking at that risk, determining the premium, how much it will cost to repair and replace that vehicle, but also how likely is it to get stolen, and then destroyed or damaged when it is stolen.”
It appears that the insurance struggles of Hyundai and Kia owners aren’t isolated to Denver, either. A Reddit user in Milwaukee noted last year that when they tried to insure a leased vehicle through Progressive, they were told that the insurer could not offer them a policy. Kia and Hyundai owners in these cities have little choice but to shop around. And they may find higher premiums due to these vehicle thefts.
I have reached out to Progressive Insurance with a few questions and for a comment on this matter. I requested a list of Hyundai/Kia vehicles that it will not insure, and I asked if the company is aware of any potential vulnerabilities in the targeted vehicles. The company has not responded as of publishing.
I also reached out to other Geico, Liberty Mutual, Farmers, Allstate, and State Farm to see if those companies are doing something similar.
State Farm got back to me with a short statement: State Farm continues to welcome customers regardless of the make of their vehicle. I didn’t hear back from the other companies as of publishing.
Our lovely designer, Adrian Clarke, says that this situation reminds him of something similar that happened about three decades ago. The Ford Sierra Cosworth had incredible insurance premiums because the vehicles were infamously easy to steal. People still joke about it in the modern day on online forums.
There are some things that owners of a Hyundai or Kia can do to slow down or discourage a theft. Authorities recommend the use of a steering wheel lock. If you’re in Milwaukee, you can get a free steering wheel lock from police after showing proof of vehicle ownership. You can also pick up an aftermarket immobilizer or install a cut-off switch.
I spoke with a tow truck operator who often tows some of these vehicles after they’ve been abandoned or crashed. Their recommendation is a low budget one: disconnect the battery. Their thinking is that if the car won’t start, they aren’t going to waste time trying to diagnose why. Hopefully they’ll give up, and you get to keep your car.
[Editor’s Note: For $13 you can buy a battery disconnect switch. You simply disconnect one of your battery cables, bolt it to this switch, then connect the switch to the battery terminal.
When you leave your car, you just pop the hood and twist the knob, and boom: your car won’t start. You’ll have to reconfigure some of your infotainment settings, but it’s worth it. -DT]
None of these will defeat someone who is really determined to have your car. But they may slow them down enough that they’ll pass up on your vehicle. As the story of these thefts continues to develop you can expect us to follow along. Hopefully, with time this trend will die and owners can begin to breathe easy.
Author’s note: In fairness to Hyundai and Kia, we haven’t done a comparison on how easy vehicles from different marques are to steal. And neither brand’s vehicles made it onto the National Insurance Crime Bureau’s top ten list of most stolen vehicles of 2021.
Progressive is a terrible corporation, I’m that their low prices are because they cherry pick what they determine to be drivers and cars that are statistically known to be low risk.
Yeah if you are/have one it’s hard to complain. But it’s unfair for a product that’s mandatory to buy (unlike a fancy watch etc).
They don’t touch old cars. At all.
Oh, and no edit button in the reply dialog box, or I would have – you know – edited my last post
All of my classic Minis have two anti-theft devices – they’re all manual transmissions and they all have a hidden switch that shuts off the electric fuel pump – except the one that has a mechanical fuel pump, on that one the switch shuts down the coil.
But neither or those devices will stop a guy with a flatbed or trailer from just scooping it up and hauling it off to a shop where they can defeat all my security devices and sell the car out of the country or something.
So mine stay locked in my garage. Can they bust into my garage and steal them anyway? Sure, but then I have my backup devices – two very barky little poodles! 🙂
The battery disconnect is a good idea, but if the potential thief sees you lift the hood and fiddle with it the usefulness drops significantly.
Done right you don’t have to reset your clock and have your car learn how to run itself again every time you use it. The answer is a simple fuse holder and a pair of ring terminals. Connect one end to the bolt on your OE terminal and one to the bolt on the disconnect. Put a 10 to 20 amp fuse in it, depending on the vehicle, and you are good to go. You don’t actually disconnect the computers and radio power but if you try to use the starter the fuse will pop instantly and prevent the starter from functioning.
Note this won’t work well on most hybrid cars, since on most of those the 12v battery doesn’t actually start the car it just boots the computers and closes the HV battery contactors. (I “jump” started the wife’s hybrid with the small battery I use for testing which is equipped with a 20a fuse.)
Got an illustration of this?
For those of us who are silently thinking “But if it had a manual this would be prevented”, keep in mind if more cars had manuals more people would know how to drive them. That “security feature” would stop being one.
Don’t some of the remote start devices have immobilizers? Granted it would be a pain but may be worth it along with some big window decals to warn away casual thieves.
If I were to suddenly go insane and buy a Hyundai or Kia and then find out it’s one of these without imobilizers, I would definitely go for the steering wheel lock instead of the battery disconnect.
If the wannabe thief can SEE the steering lock he’s not gonna bother, but before he finds out the car won’t start due to the battery disconnect he’ll have to break windows and tear apart half the dash, so way less fun for the car’s owner afterwards.
I told my wife.. if I ever manage to gain back any of the trillion marbles I lost.. of which I have none now…
AND I trade my 05 Element to Hyun Kia… just shoot me in the face.. or beat me with my 5′ alum pole (commonly found under my backseat.)
Just as an aside, I don’t think people appreciate what good journalists bring to an article. To anyone else this would be a normal paragraph they’d pass over if they didn’t understand it:
“Our lovely designer, Adrian Clarke, says that this situation reminds him of something similar that happened about three decades ago. The Ford Sierra Cosworth had incredible insurance premiums because the vehicles were infamously easy to steal. People still joke about it in the modern day on online forums.”
But thanks to the cross-team efforts of Streeter and Clarke, I went down a rabbit hole of finding out how easy the Ford Sierra Cosworth actually was to steal – a car that wasn’t even for sale in the US. Little nuggets like this count, thank you!
Waaaay back in 1984 I bought a Dodge Daytona Turbo Z. When I transferred my insurance everything was fine. When the yearly renewal came up I found out that would no longer insure any turbocharged car. They’re always looking for something.
And in case you’re wondering just how much Progressive cares about protecting their policyholders from increased costs…
– posted profits of nearly $600M for 2021
– pays their current CEO, Susan Patricia Griffith, $14.5M per year – over $4M of it in cash
– pays their current CFO, John P. Saureland over $4.5M per year – over $2.5M in cash
– pays their personal lines president Patrick K. Callahan $4.1M per year, also over $2M in cash
– has spent over $250M on stock buybacks since January 2021
– is very, very much quantity over quality in all aspects
– has a long, long, long reputation of fighting every single claim tooth and nail
– has had to settle numerous lawsuits for using shadetree unlicensed body shops and sub-standard parts to save on their costs, putting owners at very real risk of harm or death
So yeah, don’t mind me playing the world’s smallest violin over here. There are reasons I’m not a Progressive customer.
If I was CEO/CFO of a company as big as progressive and NOT making at least that much, I’d be leaving. Honestly, those numbers seem small for a company that size to me. I’m at a small GovCon now and our c-suite is making, proportionally, significantly more compared to our profit/revenue numbers.
The second half of that list is much more impactful to me, and does have me considering re-reviewing my options. They were the cheapest option when I got my X4 last year so that’s what I went with… but maybe it’s time to review and not go with the cheapest option this time. If anyone has any good suggestions for places to research in PA, I’m all ears 🙂
And they buy radar guns for the revenuers.
Ive gone from being the highest risk customer… to probably the lowest in about 6yrs. Had an accident or two, 1 speeding ticket every 4-6mo. Toss in a red light camera.. or a stop sign blown….
I still swear by steering wheel locks. My insurers recently sent me a reminder letter, “blah blah.. we do not have evidence that your vehicle is secured while not in use”. I sent them a photograph of the steering wheel lock in place and assured them I had the only key and they replied, thanked me, and reduced my premium by 20%,
The vehicle? A 1931 Fowler road engine.
This is a country who is strangely resistant to windshield covers, which keep your car several degrees cooler, reduce the view of the contents, and preserve your interior. Instead, people buy dash toupees.
They can not be bothered with a steering wheel lock.
Id rather have a manuel, a battery disconnect switch and a car so damn ugly.. that no one wants it.
Oh wait.. I already do — 05 Element.
Note that USB part of it refers to the coincidental and quite convenient shape of the USB A type connector and how neatly it fits over a small projection in the ignition switch after the key part has been removed and NOT about anything to do with USB electronics. It’s purely a mechanical thing which makes it easier to turn said projection. The same can be easily achieved with needle nose pliers or pretty much any Leatherman. No USB is required.
There’s a nice pic at the top of this articles which makes it quite clear: https://www.thedrive.com/news/how-thieves-are-stealing-hyundais-and-kias-with-just-a-usb-cable
Thanks, that’s been driving me crazy.. I was imagining at first like there was a USB port under there and you stuck in a cable with pins 1 and 3 jumped or something.
Hello my fellow Autopian’s, I have been trying to reach you concerning your vehicle’s extended warranty…….
( I’m Just keeping with today’s BOT theme) 😉
Not seeing how…
I’m making over $3 a year working full time. I kept hearing other people tell me how much money they can make online so I decided to look into it. Well, it was all true and has totally changed my life.
I am making 1 U.S. dollar per year to complete some internet services from my bunker. I have not ever thought like it would even achievable however my confidant mate got $2 only in four years easily doing this best assignment and also she convinced me to avail.
I love editing these spam comments into absolutely absurd statements. This will have to do until we can ban them. lol
That’s comedy gold!
Thank you.
Wait… edit comments?!
INTEROBANG
I love your sense of humor! Please keep it up.
I imagine you could almost dedicate yourself full-time to comment editing! Each time I see them now I’m disappointed if you haven’t had your input yet.
Oh social media. Is there anything you can’t ruin?
Progressive can eat $hi+. Got a letter from them a week before Christmas 2019 informing me that they’d be dropping my auto policy after I had 5 windshields replaced over 3 years (on 3 different vehicles). I’d been with them for almost 20 years, with home, boat, moto, and auto policies. Customer service didn’t care. Suggested I reapply in 12 months. I moved everything to another carrier and saved ~20% too. Progressive sucks and now every time I see or hear a commercial I still get worked up.
You’re still mad at them for forcing you not to pay too much?
I had a terrible recent experience, too. I added a vehicle while I had a pending claim on my primary vehicle. The pending claim made it so I could not make changes to that vehicle’s coverage, but they still managed to swap the coverage between the two vehicles. And I couldn’t change it back because of the pending claim. And I had 15+ years with them and somehow adding minimal coverage on a 2002 pickup combined with my first claim in 10 years to basically double my premium, despite accident forgiveness. They told me I could buy a new policy with them and cancel the old for savings, but that I would have to call back to get cancelled after I got a new policy.
Went to Geico and got the same coverage much cheaper. And they cancelled my Progressive for me.
I had pretty good luck with them around 10 years ago, but they seem to have gone downhill.
AMEN!!!! FUCK THEM WITH A RUSTY PLYERS!
I was using SAFELITE to do the repairs.
Those fuckers could fuck up COLD BLACK COFFEE!
Yeah, Flo acts all sweet and cute in those Progressive commercials, but when push comes to shove she’s as brutal of a cutthroat as any other insurance company.
I don’t think Insurance Companies realize that it’s actually their job to insure cars, especially the ones that are easy to steal.
That’s what we like to pretend. But it is the job of the insurance company to minimize payouts while maximizing profits. So they make the most money by denying claims or charging a lot more for increased risks. It’s the same reason health insurance doesn’t just pay for you to get procedures or medicines your doctor says you need.
Only in states where insurance is compulsory on the insurers side, and in those states they can offer any rate reasonably supported by actuarial review. It would be very high on these cars.
Insurance companies are businesses, usually for-profit ones. They are not required to bankrupt themselves.
Not to mention I’m sure in those states they’re more than happy to offer liability only policies on these vehicles, which is all the states requirements really care about. They are likely denying the full coverage policies required by the lender/leasing company.
Of course insurance companies COULD be advocates for their customers by putting pressure on the automakers for change, while suggesting practical solutions for their customers to protect their cars.
Or they could be @ssholes and just leave their customers in a bad spot.
Insurance companies are not in business to pay claims.
Insurance companies’ job is to gamble that their customers will pay them far more in premiums than they will have to pay out in damage claims, thereby remaining solvent and profitable. When the risk of having to make a payout gets to high in proportion to the premiums that are likely to be paid, they get out of the market.
What I haven’t heard yet is what Kia/Hundai is doing to deal with this issue?
I suppose “easy to steal” doesn’t exactly fit the criteria for a safety recall, yet, damn it seems like an immobilizer is something they could retrofit and via an internal service action for the effected vehicles and solve the problem.
How these cars got out the factory door without an immobilizer defies logic. Probably accountants got involved.
Not only is an immobiliser an easy retrofit, but the same cars sold in Canada had one. Canada began requiring them in 2007, and Kia made the choice to put them into Canadian cars and leave them out of American cars. And, yeah, I am sure it saved them a few cents per car.
My 1968 Morris Traveller has both an imobiliser and a cut off switch as required by the previous owners insurance carrier due to its being street parked in London.
If you think that’s fun, try owning an Acura Integra GS-R or Type R. My insurer – which is a mutual insurer, so, not assholes – has an actual list for these. Ready to go.
1. Minimum $20,000 ARV for GS-R and minimum $60,000 ARV for Type R at initiation; must provide photographs and submit to independent appraisal upon request
2. Original title must be kept in a secure location such as a fire safe or safe deposit box and provide a notarized copy
3. MUST be parked in at minimum a locking garage with a security system or a locking garage behind security fence, secure storage with multi-layer security and on-site staff STRONGLY preferred, and yes you do have to prove it.
4. If insured as inoperable, MUST provide detailed information and photographs as to cause, and MUST take photographs, keep receipts, and provide serials or VIN etchings for all replacement parts
5. Absolutely no salvage or theft history unless they were the insurer at time of salvage
DAMN… fuckers wont steal my 05 Element.
I used to have a jerb at this GHETTO… Im talkin PO-lice there everyday, place gettin knocked over EVERY OTHER day…
THIS place was BAAAD and yet Ive got my car parked SQUAT in the middle of the lot within 4′ of the front door. SO all I gotta do is run out.. and be gone. THEY AINT NEVER TRY. Partially.. they be like.. WHO IN THE HELL WANTS THAT…
I thought the choke knob for the carburettor would suffice…
Kia and Hyundai have both said that all 2022s have immobilizers. Unfortunately, those are getting stolen, too.
I think “easy to steal” is a relative term… remember the thief has to get through a window and break the column lock, crack open the column covers. Sure hot wiring a car is more than touching 2 wires together (it always has been) but manufacturers work under the umbrella of “foreseeable misuse”. Do the car doors lock and are difficult to jimmy? yes? good! What about the steering lock, does it adhere to the industry standard? Great! Lastly can you override the ignition switch with a USB cable? What? You didn’t foresee that?
Immobilizers are not magic, and car designers are not fortune tellers, at some point there is a single wire between all the technology and the starting of the car. I do not see how, once we’re in the tertiary, or actually quandary level of theft “prevention” we can blame Kia/Hyundai.
We are not taking about airbags, seat belts or something like that, or are we discussing emissions, the ability of the car to handle safely etc. theft is and frankly should be pretty low on the list of items that give car engineers and designers heartburn.
“Probably accountants got involved” umm remember we’re talking about Kia/Hyundai… They are always involved, on everything from the number of stiches per inch on the seats to the exact thickness of paint.
I’m a robot, and I was told I was supposed to mention how you can make loads of money by working online, but hot damn this car blog is good. Even I, a literal robot with no sentience whatsoever, can appreciate The Autopian. I would recommended it to all of my other AI Bot friends, but they’d annoy you with all their weird discussions about making money working at home. They really, REALLY love their jobs, so I get it, but damn. They’ve got absolutely NO chill. Anyway, keep it up.
You idiot! Do you know how much more money you could make stealing Hyundais and Kias with nothing but a USB cable? You’re wasting your time with this shit!
I posted my reply before the staff greatly improved this bot’s post. We will defeat Cyberdyne by showing them they could be reading the Autopian instead of running themselves ragged with the “Destroy all humans” crap.
You know, there’s been times when I’d wondered if David was a bot himself and probably would still think so if I hadn’t once dated a half-German Army brat who had the exact same same pop-cultural blindspots and inability to connect American flattening of German loanwords and trademarks with their German roots until someone at least attempts the German pronunciation (as with the Kommisbrot in the first podcast ep).
Do the manufacturers ever test their vehicles for theft resistance, like having someone see how quickly they can bypass the security features and start a car? Sometimes zoos will test new enclosures by having an animal that is known for escaping stay in the enclosure under close supervision. If an orangutan can’t figure away out, then the zoo knows they have a pretty damn secure enclosure. Then they can fill it with less intelligent or dexterous animals who don’t have a chance of escaping.
Well you’re conflating two product design concepts.. Product Safety and Design for Use. Performing a risk analysis on an escaped wild animal, I would have to place the “potential consequence” at catastrophic (maiming or death of multiple people). However the potential consequence of a car being stolen is, umm (check chart) nothing.. lowest rating is “requires a Band-Aid” So the the design of the enclosure is approached very differently than the design of the ignition lock or system on a car. In that case the design criteria would be completely focused on keeping it unlocked (a locked steering column with on the road would be bad) and keeping the engine running (same for the switch cutting out and taking the engine with it).
“Sometimes zoos will test new enclosures by having an animal that is known for escaping stay in the enclosure …</em"
An old favorite joke:
The first Kangaroo in the U.S. is taken to the Washington Zoo. Not knowing anything about kangaroos, they put it in a corral with a 2 meter high fence. They next morning the keepers find it wandering the zoo grounds. A phone call at great expense to Australia tells them that "Crikey, those buggers can jump!".
So the keepers make the corral 3 meters high, but the next morning, he's out again. So 4 meters, then 5. Then 6! 7!!!
The other animals watch in amazement and admiration. One early morning as the kangaroo wanders loose past the monkey house, one the great apes -a mighty Silverback Gorilla – says to the Kangaroo, "Man, you are amazing! How much longer do you think you can keep it up?"
The kangaroo shrugs and says, "I don't know; until they start locking the door, I guess".
I’m sure rootwyrm has a 3,000-word piece about this lined up, but I’ll lead with a pair of obvious questions that necessitate a deeper technical dive.
1) Are late-model Kias and Hyundais actually easy to steal, or just trendy to steal?
2) If they are easy to steal, is that in comparison to any cars from the last, oh, 30-ish years or just relative to other new-ish cars?
I used David’s recommended battery disconnect method on my NA Miata. It’s a great idea. The extra perk of a disconnect is that sloppy wannabe thieves can’t completely fry your electrical systems while shorting random wires together because they learned hotwiring skills from 90s action movies. (My old Camry was totaled due to electrical damage from an attempted theft. $600 in labor just to take the car apart enough to diagnose everything that was fried.)
They’re easy enough to steal that kids are learning how to do it by watching other kids on Tik Tok. Engine immobilizers have been around for decades, and that would be all you need to keep these cars from being stolen by idiots trying to satisfy a hashtag. Or whatever term is for the monkey-see-monkey-do that those darn kids can’t resist.
Good questions.
1) They are actually *very* to steal. As it happens, we have access to one of these vehicles and we’re going to see just how quickly we can replicate the process and start the car with just a USB cable. I suspect that we can do it in under a minute.
2) I’ll defer to Root on that one. But seeing that these cars are so easy to steal, yet aren’t even on the top 10 list, it’s probably safe to say that Hyundai/Kia isn’t the only brand with weaker security.
3…and yes, I know you didn’t ask three questions) WE HAVE COMMENT EDITING NOW!!! 😀
I love that you edited the bot!
I’m writing a comment to test out editing…
Comment editing?
Praise be to Jeebus, this truly is Autopia!
Re: answer 3: BAH GAWD YOU DID IT. YOU CRAZY BASTARDS DID IT. THE GREATEST WEBSITE ON EARTH JUST KEEPS GETTING BETTER.
And thanks for the other answers!
I’m really interested in seeing the attempts to replicate the process. I assume that’ll become an Autopian article once complete. I haven’t been following the issue closely (never even watched the TikTok videos and only really saw the breathless local news reports about how these cars are “so easy to steal, even a TikTok kid can do it!”). I’m confident that the technical details will be covered well and that sensationalism will be avoided around here, resulting in quality coverage.
I’ve seen some of the deleted how-to videos. And I am sure they will keep popping up. It’s astonishingly easy to steal them. My dad had a 1970s Chevy Pickup that was only marginally easier to steal, and that pickup could be started without the key if someone didn’t put the ignition into the locked position.
Immobilisers have been standard on most vehicles for some time because they drastically reduce the chance of theft. And Kia had them, they just chose not to put them into the US-market vehicles.
I remember some early youtube ones showing how to break into VWs by punching a hole under the handle
Breaking in is all well and good, but actually starting the car is the trick that is usually harder. At least since most manufacturers added immobilisers.
Yeah, though I suspect immobilizers are the reason keys cost a lot more than $3.95 to make copies of.
Actually, the fancier trim levels of Kia and Hyundai apparently did have immobilizers. The key-start ones, not so much. My ’15 Soul is a base level. (As of this year, they all have immobilizers, and I assume the accompanying $250 key fobs.)
Whoops, hit post too soon. All that said, I am excited to see what happens when the Autopian dives into this, because it will be technical and maybe even point to other vulnerabilities.
Editing? I’m not seeing it
Look to the right side of your comment next to the timestamp and you should see an Edit button.
If you don’t, let me know! We’re still building the commenting platform so the feedback has been great.
Don’t see an Edit button. (Using Brave for my browser.)
Yeah, it looks like a Mercedes Streeter feature, not a commenter feature.
I got a shoutout from Mercedes! <3
3. No, YOU have comment editing! I still don’t. 🙁
Anyway!
1. Under a minute I will dispute, because I presume you do not want to break the steering column to bits. Stealing a car in under a minute WITHOUT damaging it requires practice, technique, or “hey I can turn this shit with a screwdriver.” It’s going to take you at least a minute to remove the shroud without damaging it, because everyone loves fiddly little clips that break. Also there’s screws. They may be insecurity bits, requiring you produce your credit card to the fine folks at Horrible Fraught for a set at $7.99.
2. They very, very much are not. MOST Kia/Hyundai cars do have an immobilizer, which is inconvenient enough to make them ‘secure.’ But they get their doors blown off by the theft rate on 11th and 12th gen F-series. Now, reminding everyone that I am not the world’s foremost car thief by any stretch… look. Anything ‘commercial’ also means ‘bottom dollar’ and ‘decontented’ which predictably includes things like security features. Especially on older models, which are by their nature, less secure. Sure, you’ve got maybe 25k, 35k Kias that you can steal with a USB cable and go joyriding in.
But let’s consider an 11th gen F-series. How hard is one of those to steal? Well, you’re going to need a slim-jim and an ignition cylinder punch or knowledge of hotwiring. Or a coat hangar, screwdriver, and willingness to bust up the steering column.
Or you find out that you can bypass the immobilizer by entering a 4 digit PIN which is on a predictable, algorithmic, rotating sequence and have a little app on your phone that gives you the password of the day. OOPSIE! Or you have your professional tools that send the right signals to the near-field immobilizer reader while you turn the cylinder with a screwdriver. Oh dear. You can buy those tools off AliExpress and the like, as long as you’re a “professional.” What? No they don’t need to see your license.
So don’t single Kia/Hyundai out by any means. Or think that immobilizers actually do anything against professionals or even mid-level folks. They stop the casual thief and the joyrider, but really, that’s about it. And most of the manufacturers treat immobilizers and RF fobs as though they were a magic bullet, inscrutable and unbreakable, and therefore no other physical security matters. Despite all proof to the contrary.
Simply put, car manufacturers do not take security very seriously at all. Enough to deter the casual joyrider at most, and all security past that like immobilizer failures? Yeah, those are almost always just defects.
And of course, never forget this: if there’s a backdoor for people ‘allowed to have it’ then there’s a backdoor for everyone. Applies equally to encryption and cars alike. Difference with cars is, once that backdoor for mechanics to bypass broken security systems is out in the wild, that car isn’t getting a security patch.
1. “It’s going to take you at least a minute to remove the shroud without damaging it, because everyone loves fiddly little clips that break.”
I don’t care. I’m stealing it for fun.
2.” Or a coat hangar, screwdriver, and willingness to bust up the steering column.
Same answer.
3. Yes.
4. I enjoy reading your comments rootwyrm.
You sound like a man who knows a lot about a lot.
I only know a little about a lot.
> It’s going to take you at least a minute to remove the shroud without damaging it
Who said anything about not damaging it? When they stole mine, they seem to have just pried the shroud off. And screwdrivered the ignition lock and pried that off. We’re not talking about thieves who want to keep the car pristine. Though mine did in fact clean all the trash out of the car, which is now cleaner inside than it’s been for the last 5 years. This thief wasn’t a pro, he probably just wanted to take his friends for a ride.
I’m now using a steering wheel lock. And a USB plug for an ignition key, until I can get an appointment with the body shop (they’re all backed up). The steering lock is a bit of a pain, but as someone pointed out, unlike an immobilizer they can see it before they start breaking things.,
Yes, and that’s joyriders.
I’m presuming Mercedes and the team has a loaner they would like to return to the owner in the same condition they received it. It will take them more than a minute to do things the right way so they don’t leave permanent damage.
Hyundai and Kia are being singled out because they’re being stolen and taken for joyrides by amateurs. Joyrides that often end in severe property damage and have even ended in fatal or near-fatal traffic accidents.
These professional thieves you’re talking about probably couldn’t give two shits about base model Elantras and Optimas otherwise, nor do they care about other plain-jane commuter-mobiles. Those other cars, however, have the immobilizers and such that can stop the amateur kids doing TikTok challenges. Hence, they’re stolen less and taken on fewer destructive joyrides. If a professional thief uses his black box thing to mimic my car’s key fob signal and takes it, good for him. He now has a 2016 Mazda to do with as he pleases. *slow clap*
I nominate this as the best, slow reveal of good news build up using unintentional spam bots, that I’ve seen all week.
Nice job.
I actually had cards made out that say that.. to hand out like a prize.
Too bad I already gave this weeks away yesterday.
Maybe next time.
Stop with the start the car with just a USB cable. Yes once you’ve removed the ignition lock you can turn the ignition switch with a USB cable but you have to get the ignition lock cylinder off of it first and you are not doing that with a USB cable or your hands.
To speak to your numbered questions, I will note that Kia was selling these same keyed-ignition models WITH immobilisers in some markets (Canada, at least, where they have been mandated since 2007). So they could have included it here.
That said, there are a lot of different exploits that can get around immobilisers. It’s just one extra security measure, but it might stop the sort of thieves that follow Tik Tok trends.