![How to Use AI as a Productivity Tool with Mike Kaput [MAICON 2025 Speaker Series]](https://www.marketingaiinstitute.com/hubfs/v2MAICON-Speaker_Series.png)
![[The AI Show Episode 152]: ChatGPT Connectors, AI-Human Relationships, New AI Job Data, OpenAI Court-Ordered to Keep ChatGPT Logs & WPP’s Large Marketing Model](https://www.marketingaiinstitute.com/hubfs/ep%20152%20cover.png)
![[DEALS] Internxt Cloud Storage Lifetime Subscription: 10TB Plan (87% off) & Other Deals Up To 98% Off – Offers End Soon!](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
![Designing a Robust Modular Hardware-Oriented Application in C++ [closed]](https://i.sstatic.net/f2sQd76t.webp)
.jpg?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
.jpg?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
_Andreas_Prott_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
_designer491_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![iPad Air vs reMarkable Paper Pro: Which tablet is best for note taking? [Updated]](https://i0.wp.com/9to5mac.com/wp-content/uploads/sites/6/2025/05/ipad-air-remarkable-paper-pro.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![What Gemini app features are free versus paid? [June 2025]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2025/01/gemini-android-5.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Apple M4 Mac Mini Back on Sale for $499 [Deal]](https://www.iclarified.com/images/news/97617/97617/97617-640.jpg)
KIA Ecuador Keyless Entry Systems Vulnerability Exposes Thousands of Vehicles to Theft
A significant security vulnerability has been discovered in KIA vehicles sold in Ecuador, potentially affecting thousands of cars and exposing them to sophisticated theft techniques. Independent hardware security researcher Danilo Erazo has identified that KIA-branded aftermarket keyless entry systems used in Ecuador employ outdated technology that makes vehicles vulnerable to replay attacks and signal cloning. […] The post KIA Ecuador Keyless Entry Systems Vulnerability Exposes Thousands of Vehicles to Theft appeared first on Cyber Security News.
A significant security vulnerability has been discovered in KIA vehicles sold in Ecuador, potentially affecting thousands of cars and exposing them to sophisticated theft techniques.
Independent hardware security researcher Danilo Erazo has identified that KIA-branded aftermarket keyless entry systems used in Ecuador employ outdated technology that makes vehicles vulnerable to replay attacks and signal cloning.
The vulnerability, designated as CVE-2025-6029, affects KIA vehicles in Ecuador from 2022 through 2025, including popular models such as the Soluto, Río, and Picanto.
The core issue stems from KIA Ecuador’s use of learning code technology instead of the industry-standard rolling code systems that have been widely adopted since the mid-1990s.
KIA Ecuador vehicles from 2022 and early 2023 utilize the HS2240 chip, while 2024 and 2025 models employ the EV1527 chip, both of which implement learning codes rather than secure rolling codes.
This technological choice creates multiple attack vectors that criminals can exploit to gain unauthorized access to vehicles.
Multiple Attack Methods Demonstrated
Erazo’s research, presented at prestigious security conferences including DEFCON32 in Las Vegas and Ekoparty 2024 in Buenos Aires, demonstrates several concerning attack methods.
The learning code system allows attackers to perform brute force attacks against approximately one million possible fixed codes, with the probability of success increasing because vehicles can store up to four learning codes simultaneously.
More alarmingly, criminals can capture radio frequency signals from legitimate key fobs and replay them to unlock vehicles, since the codes remain static and do not change with each use.
The researcher also discovered that attackers can install backdoor codes on vehicle receivers, essentially programming their own keys to work with targeted vehicles.
To demonstrate these vulnerabilities, Erazo developed AutoRFKiller, a Python-based tool utilizing GNURadio modules and HackRF software-defined radio devices. This tool can unlock any vehicle using learning code key fobs and also incorporates attacks against rolling code systems.
The implications extend beyond individual vehicle theft. The research reveals a significant collision problem where one vehicle’s key fob could potentially open another vehicle or garage door using the same learning code technology.
This risk is amplified by the limited range of possible combinations and the widespread use of similar chips across different manufacturers and applications.
Despite reporting the vulnerability to KIA Ecuador in May 2024, no remediation efforts have been implemented. The case is now being managed with support from the Automotive Security Research Group (ASRG), a non-profit organization that assists in reporting vehicle vulnerabilities globally.
The researcher emphasizes that this issue likely extends beyond Ecuador, estimating that other Latin American countries may also be implementing similar vulnerable key fob systems. This highlights a broader regional problem where vehicles assembled locally may not undergo adequate security analysis of installed components.
Security experts recommend that consumers demand rolling code technology in their vehicle key fobs and consider replacing learning code systems with more secure alternatives. The continued use of outdated fixed code technology in 2024 and 2025 model years represents an unacceptable security risk that puts vehicle owners at unnecessary risk of theft.
Automate threat response with ANY.RUN’s TI Feeds—Enrich alerts and block malicious IPs across all endpoints -> Request full access
The post KIA Ecuador Keyless Entry Systems Vulnerability Exposes Thousands of Vehicles to Theft appeared first on Cyber Security News.
