Word of warning to all Ioniq 5 owners. My new car was stolen off my drive, presumably with a cloned key. it is a mystery how they managed to clone the key as we keep it in the house well away from the car. Gone in 30 seconds!! We heard of another one being stolen a week later a few miles away.
I am shocked the manufactures still cannot provide sufficient security to stop this happening. There is more security on my iPhone. A simple pin number entered on the screen before the car will start would be sufficient .
The supplier has suggested I buy a steering lock and a faraday box for the replacement car, which I will, but a steering lock is a backward step which I had on cars 20 years ago.
if the car had proper security in the first place aftermarket security should not be necessary. Now I will need to keep looking over my shoulder when I open the car to make sure no one is near enough to clone the key!!
security
If I'm not mistaken, all modern cars with keyless entry/start are prone to this, not just Hyundai/Kia. I've seen it often on Channel 5 cop reality shows ... thieves use a device to send thousands of queries from your driveway seeking a response from your smart key (said response being to unlock/start) ... then they are away in seconds. Only solution seems to be to keep all such keys in Faraday pouch or bag (I've used a pouch for years on my normal use key and another on my spare key ... you can check their effectiveness by making sure that you cannot open your car (even when standing beside it) with the key in the pouch). Sorry to hear your tale of woe. Hopefully your insurance pays up immediately and you get a new car promptly.
There are three different attack approaches being used and all the EGMP based cars (Ioniq5/6, Kia EV6 and Genesis GV60) are currently susceptible to all three approaches.
Relay Attack
The common relay attack (which is widely publicised). One device takes the signal from your key fob amplifies it and send it to another close to your car. The car simply sees the correct expected signal and opens and starts.
This can me mitigated by keeping your keys in a container that does not allow wireless signals to leak out - a Faraday box.
Key Cloning
This approach requires access to your key to simply make a digital copy, which for all intents and purposes is then identical to the original.
Careful who you give your key to.
Key Emulator
A device is placed close to the car to receive the car's signal. The device then takes between 10 and 120 second approximately to find the correct signal to unlock the car and this can then be saved for later use.
A secondary authentication system is needed to prevent the car from starting, but if this is hooked into Bluelink that can be disabled once access to the car has been gained. There's not much apart form physical krooklock type approach that can help here.
Relay Attack
The common relay attack (which is widely publicised). One device takes the signal from your key fob amplifies it and send it to another close to your car. The car simply sees the correct expected signal and opens and starts.
This can me mitigated by keeping your keys in a container that does not allow wireless signals to leak out - a Faraday box.
Key Cloning
This approach requires access to your key to simply make a digital copy, which for all intents and purposes is then identical to the original.
Careful who you give your key to.
Key Emulator
A device is placed close to the car to receive the car's signal. The device then takes between 10 and 120 second approximately to find the correct signal to unlock the car and this can then be saved for later use.
A secondary authentication system is needed to prevent the car from starting, but if this is hooked into Bluelink that can be disabled once access to the car has been gained. There's not much apart form physical krooklock type approach that can help here.
-
Ioniq5widow
- Posts: 1
- Joined: Thu Nov 16, 2023 8:59 am
Hi Stephen. Just came across it. It's a growing problem, Hyundai are aware of it but doing nothing. Have you seen this thread on Twitter?
We have a growing group of owners like us who lost our cars and got no support or answers from Hyundai. Can you join us? If you want, you can message me here or message the guy on that thread who coordinates it - Robert Whiteside
We have a growing group of owners like us who lost our cars and got no support or answers from Hyundai. Can you join us? If you want, you can message me here or message the guy on that thread who coordinates it - Robert Whiteside
Hi. Our Ioniq 5 was stolen two nights ago presumably via the emulator method as the keys were in a faraday pouch and the car was on the street (not drive). As per the usual modus operandi, they deleted the Bluelink account after gaining access - which is obviously a ridiculous security flaw (why is the registered account not asked to confirm deletion - eg via email?).
When I became aware first thing yesterday morning, I called the police, my insurer and then Hyundai in that order. I am very pleased and relieved to report that my car was located later yesterday, parked in a secluded cul-de-sac a few miles away. I was contacted by the police and asked to come and collect it.
I don’t know exactly how they located it but I assume Hyundai were able to do something (track it remotely?) and contact the police.
Interestingly, the thieves had removed the three plastic pins on the interior roof above the back seat and had disconnected the antenna fin. Presumably this is to try to prevent anyone tracking the car (at least initially). It is fairly easy to rectify this without needing to take it to the dealer.
So I have been extremely fortunate. But this again highlights the fundamental security issues that these cars have. I have now bought a steering wheel lock and will hide multiple apple air tags in the car, but it strikes me as slightly absurd that I need to resort to these retrograde tactics.
When I became aware first thing yesterday morning, I called the police, my insurer and then Hyundai in that order. I am very pleased and relieved to report that my car was located later yesterday, parked in a secluded cul-de-sac a few miles away. I was contacted by the police and asked to come and collect it.
I don’t know exactly how they located it but I assume Hyundai were able to do something (track it remotely?) and contact the police.
Interestingly, the thieves had removed the three plastic pins on the interior roof above the back seat and had disconnected the antenna fin. Presumably this is to try to prevent anyone tracking the car (at least initially). It is fairly easy to rectify this without needing to take it to the dealer.
So I have been extremely fortunate. But this again highlights the fundamental security issues that these cars have. I have now bought a steering wheel lock and will hide multiple apple air tags in the car, but it strikes me as slightly absurd that I need to resort to these retrograde tactics.
Hi Matt - sounds like a semi-lucky escape.
Just out of interest, which steering wheel lock did you go for in the end?
Assume you know to take the speaker out of the AirTag? If not, plenty of videos on YouTube.
Some sticky back Velcro attached to the AirTag can really help put it in a not so easy to find place.
I did quite a few experiments with hiding places - location makes a massive difference to the distance at which the phone can detect the signal. Obvious I know, but deffo worth spending a bit of time playing around.
Just out of interest, which steering wheel lock did you go for in the end?
Assume you know to take the speaker out of the AirTag? If not, plenty of videos on YouTube.
Some sticky back Velcro attached to the AirTag can really help put it in a not so easy to find place.
I did quite a few experiments with hiding places - location makes a massive difference to the distance at which the phone can detect the signal. Obvious I know, but deffo worth spending a bit of time playing around.
Hi Matt - my Ioniq 5 was stolen from outside my house a week ago, on Tuesday - the day after yours. Could it be the same operation (London)?
A week later, it has not been recovered.
I called Hyundai but they said they couldn't track it - who did you speak with (DM me if you'd prefer)?
Similar to you, they disabled Bluelink straight away.
A week later, it has not been recovered.
I called Hyundai but they said they couldn't track it - who did you speak with (DM me if you'd prefer)?
Similar to you, they disabled Bluelink straight away.
