Summary: On a number of their base models for some years, they didn’t include an engine immobilizer. The result is that one can break a window, use a screwdriver to quickly break open the steering column, yank out the ignition column, stick a USB charger plug in, turn, and the vehicle starts. In the Columbus and Milwaukee area, the “Kia Boys”, a group of kids and young teens – male, black, 12-14 – popularized stealing Kias on TikTok, with the “Kia Challenge”, where one steals a Kia and posts it to TikTok. They steal tens of thousands. The young age means that penalties are light. The vehicles generally aren’t stolen for parts or use, but to joyride in, often wind up wrecked. People in area generally buy steering wheel locks. Kia and Hyundai agree to start putting immobilizers in again.
I drive a Sonata, but this says it only affects models without a pushbutton start. I assume I would’ve been contacted if my model had this issue, but I’ll have to look into it.
The CRV is reasonably secure, so this means the thieves are actually very organized and have technical know-how to steal the cars? Or do they simply load the car into a flatbed and drive away?
The doors can be unlocked using a relay attack done with off the shelf radio gear. Once the doors are open a new keyfob can be paired to the car using more off the shelf tools and another relay that makes the car think the owners fobs are in the vehicle. The whole process takes 5 minutes and can be done by an unskilled person. I have video of the whole process happening in my driveway.
And I am not saying that proprietary tools are the answer. Requiring literally ANY user interaction with the keyfob to unlock the door OR when pairing new fobs to the car would prevent the majority of thefts. Requiring the manufacture to digitally sign fobs when pairing to a car would prevent this. Given that ALL of these vehicles come with wireless communication, whether it is enabled for you or not, having a remote disable would prevent stolen vehicles from being moved around.
Whether by ignorance or cost cutting Honda is 100% responsible for the complete lack of security features on their vehicles.
The doors can be unlocked using a relay attack done with off the shelf radio gear. Once the doors are open a new keyfob can be paired to the car using more off the shelf tools and another relay that makes the car think the owners fobs are in the vehicle.
Aren’t basically all cars in the market like this? Which mass produced car models are currently not susceptible to relay attack? Why does the thief target CRV specifically if they have tools that can steal other cars as well?
The whole process takes 5 minutes and can be done by an unskilled person
Where did that unskilled person get the necessary tools to learn this stuff? The tools to reprogram new fobs are probably expensive and mere thugs probably won’t spend their money to buy one themselves. This seems to indicate a presence of underground organized crime rings that go around recruiting people to steal cars for them.
I think it’d be more interesting to adjust for the number of units sold.
Otherwise, a lot of that is just going to be due to correlation with the number of units sold.
I don’t know how reliable these numbers are, but Hyundai/Kia have a known weakness that makes them super easy to steal.
https://www.thedrive.com/news/these-hyundai-and-kia-models-are-blacklisted-by-state-farm-insurance-over-thefts
reads a few articles
Summary: On a number of their base models for some years, they didn’t include an engine immobilizer. The result is that one can break a window, use a screwdriver to quickly break open the steering column, yank out the ignition column, stick a USB charger plug in, turn, and the vehicle starts. In the Columbus and Milwaukee area, the “Kia Boys”, a group of kids and young teens – male, black, 12-14 – popularized stealing Kias on TikTok, with the “Kia Challenge”, where one steals a Kia and posts it to TikTok. They steal tens of thousands. The young age means that penalties are light. The vehicles generally aren’t stolen for parts or use, but to joyride in, often wind up wrecked. People in area generally buy steering wheel locks. Kia and Hyundai agree to start putting immobilizers in again.
None of the affected models are Sonatas though, despite them being number 2 in this list of stolen cars.
2011–2019 Sonatas are also affected, according to this article:
https://www.caranddriver.com/news/a43941743/hyundai-kia-vehicle-theft-settlement/
Huh, good to know. Thanks for the link!
I drive a Sonata, but this says it only affects models without a pushbutton start. I assume I would’ve been contacted if my model had this issue, but I’ll have to look into it.
In 2022 more than 1% of CRVs were stolen in Canada! More than 1 in every 100 fucking CRVs!
https://www.guideautoweb.com/en/articles/72689/honda-cr-v-once-again-leads-top-10-most-stolen-vehicles-in-canada/
The CRV is reasonably secure, so this means the thieves are actually very organized and have technical know-how to steal the cars? Or do they simply load the car into a flatbed and drive away?
The CRV has dogshit security.
The doors can be unlocked using a relay attack done with off the shelf radio gear. Once the doors are open a new keyfob can be paired to the car using more off the shelf tools and another relay that makes the car think the owners fobs are in the vehicle. The whole process takes 5 minutes and can be done by an unskilled person. I have video of the whole process happening in my driveway.
And I am not saying that proprietary tools are the answer. Requiring literally ANY user interaction with the keyfob to unlock the door OR when pairing new fobs to the car would prevent the majority of thefts. Requiring the manufacture to digitally sign fobs when pairing to a car would prevent this. Given that ALL of these vehicles come with wireless communication, whether it is enabled for you or not, having a remote disable would prevent stolen vehicles from being moved around.
Whether by ignorance or cost cutting Honda is 100% responsible for the complete lack of security features on their vehicles.
Aren’t basically all cars in the market like this? Which mass produced car models are currently not susceptible to relay attack? Why does the thief target CRV specifically if they have tools that can steal other cars as well?
Where did that unskilled person get the necessary tools to learn this stuff? The tools to reprogram new fobs are probably expensive and mere thugs probably won’t spend their money to buy one themselves. This seems to indicate a presence of underground organized crime rings that go around recruiting people to steal cars for them.