Cross-posting from the IONIQ forum because I think posts like this need attention so Hyundai takes action on these thefts.
I’ve owned my IONIQ 5 for just over a year, and unfortunately, this weekend, I learned the hard way how vulnerable the car’s security system is.
After a nice dinner Saturday night, I’d barely been home for 15 minutes when I got a “Deactivation successful” alert from Bluelink. I rushed to the window and, as feared, my car was gone.
I called the police but didn’t have high hopes based on past experiences with them. Luckily, I had hidden a couple of AirTags in the car with the speakers removed. Still, I didn’t get any updates for a while. I assume the thieves had some signal jamming tech. However, the next morning, the AirTags pinged a new location only 10 minutes from where it was stolen. My guess is that they parked it to check if it was being tracked, planning to move it later if no one came looking.
Hyundai? They weren’t much help, of course. Their response was more focused on passing the blame to customers rather than addressing the issue.
Instead of prioritizing basic security updates, Hyundai’s been busy adding sports scores to infotainment systems. They could easily allow users to disable keyless entry or add a PIN-to-drive feature, like other manufacturers do. But nope.
Charlie said:
I don’t quite get how this works. The IONIQ 5 doesn’t need a key? How are they starting it? Are they hacking the system?
It’s keyless. If you have the key fob, it unlocks when you get close, and there’s no key slot—just a start/stop button. You can also use a phone app instead of the fob. The issue is that it’s relatively easy for thieves to spoof the system and steal the car without needing the key.
@Blake
Apparently, this method disables the unlock feature on approach but doesn’t stop the door handle button from unlocking the car, which isn’t great. I tried it on my US model but still couldn’t fully disable keyless entry.
Peyton said:
Can we sue Hyundai for this? Seems like a major security flaw.
Yes, they’ve already been sued over similar issues, like the lack of immobilizers in some models. I believe there’s been both a class action and some lawsuits from state attorneys.
To everyone suggesting adding a PIN or password to protect the car, that’s not going to stop this. Once the system is hacked, no amount of passwords will help. It’s like trying to protect your computer with more logins—if someone bypasses the core system, it doesn’t matter how many login screens you add.
Hyundai needs to rethink their entire security system. The car is a computer now, and it’s vulnerable like one.
@Reynolds
Most computer hacks are due to user mistakes, not brute force attacks. That said, Hyundai does need to improve security, but blaming it on software alone is oversimplifying things.
Tan said: @Reynolds
Most computer hacks are due to user mistakes, not brute force attacks. That said, Hyundai does need to improve security, but blaming it on software alone is oversimplifying things.
That’s true, but cars like the IONIQ 5 are far more vulnerable than older, non-digital vehicles. Sure, social engineering plays a role, but the fact that someone can stand next to your car with a device and steal it in minutes is a serious issue. Other EVs like Teslas or Volvos don’t seem to have this problem, so what’s Hyundai doing wrong?
@Reynolds
Exactly. Hyundai’s implementation of keyless entry is just poorly executed. Other brands have much stronger immobilizers, and thieves can’t just walk up with a wireless repeater and steal the car like they can with Hyundai. It’s not about adding more passwords—it’s about designing better systems from the start.
@Reynolds
Other brands face thefts too, especially with relay attacks, but Hyundai’s vulnerability to the Gameboy hack is a big issue. Hyundai needs to step up.
@Reynolds
The PIN-to-drive feature that Tesla has is a great solution. I haven’t seen any reports of it being bypassed, and it’s a good deterrent because it’s not easy to crack. Hyundai should offer something similar.
