Kia Niro Forum banner
  • Welcome to the Kia Niro forum! We discuss all models of the Niro, including the Hybrid, PHEV and EV versions. We are glad you stopped by. Feel free to browse the various topics, along with out FAQs. To enable posting, you need to register for a user account. There is no cost for this. Just click in the upper right corner where it says Login/Join. We look forward to your continued parcipitation.
1 - 8 of 8 Posts

· Registered
2023 Niro SX
Joined
·
228 Posts
Discussion Starter · #1 ·
Yesterday, Google's Project Zero security team released an alarming security bulletin:
Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems

Affected devices include:
  • Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series;
  • Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series;
  • The Pixel 6 and Pixel 7 series of devices from Google; and
  • any vehicles that use the Exynos Auto T5123 chipset. [emphasis, mine]
This is not a rhetorical question: Since both Kia and Samsung are Korean companies, it seems highly likely that they would use the Exynos Auto T5123. Is there any risk that any Kia vehicles are at risk? If yes, I can't imagine how it would be fixed, other than through a software update. I activated Kia Connect last month, so it seems that my 2023 Niro has some internet connectivity, but is not equipped for Wi-Fi hotspot.
 

Attachments

· Registered
2021 Niro PHEV EX
Joined
·
210 Posts
Bit troubling because Google has released info only on some of the associated vulnerabilities. Less so because specifically wi-fi calling and/or VoLTE must be enabled in a phone for the published vulnerabilities to be exploited.

Don't the '23 SX models lack wi-fi? Good luck finding out what Kia uses in their vehicles. Someone who can have a look at the infotainment main or wifi mez card (wherever they put it) might be able to play "spot the chip."
 

· Registered
2023 Niro SX
Joined
·
228 Posts
Discussion Starter · #3 ·
They must have some Wi-Fi capability, or the car wouldn't be able to tell my phone that the doors are unlocked, and I wouldn't be able to use my phone to start it remotely.

Because my phone is a Pixel 6a, it is on the list of affected devices, and I have removed its SIM. I just pinged the car with the Kia Access app over Wi-Fi, which reports that it's parked 5 miles away at a local high school, exactly where I expect it to be. The doors were unlocked, so just for fun, I locked it, and received an email confirmation.
 

· Registered
2021 Niro PHEV EX
Joined
·
210 Posts
They must have some Wi-Fi capability, or the car wouldn't be able to tell my phone that the doors are unlocked, and I wouldn't be able to use my phone to start it remotely.
The data path between your phone (Kia Access) and the car looks approximately like this:

Car (cell module) <--> cell network <--> Kia Access/Hyundai BlueLink service/call center <--> Internet <--> your Android or IOS device app and the owners.kia.com web site

The car talks to the mfr. via the cell network - 4G/LTE on mine, and is continuously subscribed via some kind of (I guess) bulk service to Kia/Hyundai. That hop above from the Internet to the device may be Wi-Fi for some people, and it works just the same with one's phone on cell data.

My car - assuming it's representative among those that include wireless CarPlay and Android Auto, has an extremely low power 5.7 GHz Wi-Fi transceiver - separate from the cellular part, that appears intended to work only inside the car. It provides a very weak signal even near the dashboard. I haven't yet checked if it's using Wi-Fi direct or access point mode, and it's encrypted. My phone automatically does a Bluetooth to Wi-Fi handoff when Android Auto starts. All of this is separate from Kia Access.

The only other wireless data communication we have with the car is via the key fob, and it uses a proprietary protocol on two relatively low frequencies.
 

· Registered
2023 Niro SX
Joined
·
228 Posts
Discussion Starter · #5 ·
The data path between your phone (Kia Access) and the car looks approximately like this:

Car (cell module) <--> cell network <--> Kia Access/Hyundai BlueLink service/call center <--> Internet <--> your Android or IOS device app and the owners.kia.com web site.
Thanks for the detailed explanations. That suggests that IF Kia has used the Exynos Auto T5123 chipset in any of their vehicles, they could theoretically be at risk. Fingers crossed.
 

· Registered
2023 Niro SX
Joined
·
228 Posts
Discussion Starter · #7 ·

· Registered
2021 Niro PHEV EX
Joined
·
210 Posts
That chipset was just for cars.
Indeed. I mentioned it to note here are other Exynos chipsets with at least some of the same vulnerabilities, for the benefit of anyone reading whose phone might be affected.

I read up as much as I could on this for publicly available info. The dark web is the next place once might go for more, and I didn't. Unfortunately there are many details not (yet) released, because as usual the vendors are first being given an opportunity to develop, test and release security updates.

First, the Exynos Auto T5123 is a quite new chipset, touted for high-bandwidth 5G connectivity: I couldn't find a date on its first use, though looks to me like it has been in the past year or two.

Second, I'm pretty sure well before that chipset was even announced, Hyundai Motor Group started migrating to an NVIDIA platform for their vehicle infotainment, e.g.: Hyundai Adopts Nvidia Parker ‘System On A Chip’ For Infotainment
The date on that is about 2.5 years ago.

Unless someone has info to the effect that Hyundai Motors has recently used a Samsung Exynos chipset and specifically the Auto T5123: I'm considering it N/A.
 
1 - 8 of 8 Posts
Top