A critical security vulnerability discovered in KIA Ecuador vehicles manufactured between 2022 and 2025 has exposed thousands of cars to potential theft through exploitable keyless entry systems.
Independent hardware security researcher Danilo Erazo identified that these vehicles use outdated learning code technology instead of the industry-standard rolling codes, making them susceptible to multiple attack vectors including signal cloning, brute force attacks, and unauthorized backdoor access.
The vulnerability, designated as CVE-2025-6029, affects KIA Soluto, Río, and Picanto models equipped with key fobs containing either HS2240 or EV1527 chips.
Unlike modern rolling code systems that generate random codes with each use, these learning code systems employ fixed codes that remain constant, creating significant security gaps.
Erazo’s research, presented at DEFCON32 2024 and Ekoparty 2024, demonstrated that these systems are fundamentally vulnerable to replay attacks where captured radio frequency signals can be cloned and reused indefinitely.
The technical analysis revealed that learning codes operate within a limited range of approximately one million possible combinations, with vehicles typically accepting up to four different codes simultaneously.
This design choice, while simplifying the pairing process between key fobs and vehicles, creates multiple vulnerabilities that attackers can exploit through various sophisticated methods.
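The difference between the two designs can be modeled in a few lines. The following is an added example, not code from Erazo's research or from AutoRFKiller: a fixed-code receiver with four learned slots beside a simplified rolling-code receiver. The HMAC-based counter scheme, the 16-step window, the key, the sample codes and the use of 2**20 for the "approximately one million" keyspace are all assumptions made for illustration, not any vendor's actual protocol.

```python
import hashlib
import hmac

KEYSPACE = 2 ** 20  # assumption: stands in for the article's "approximately one million"
SLOTS = 4           # the article: receivers accept up to four codes at once

def fob_tag(key, counter):
    """Tag a rolling-code fob would send for a counter (HMAC is an illustrative choice)."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]

class FixedCodeReceiver:
    """Learning-code model: any frame equal to a stored code is accepted, every time."""
    def __init__(self, learned):
        self.learned = set(learned[:SLOTS])
    def accept(self, frame):
        return frame in self.learned

class RollingCodeReceiver:
    """Simplified rolling-code model: frame = (counter, tag); counters never repeat."""
    WINDOW = 16  # hypothetical look-ahead for button presses made out of range
    def __init__(self, key):
        self.key, self.last = key, 0
    def accept(self, frame):
        counter, tag = frame
        fresh = self.last < counter <= self.last + self.WINDOW
        valid = hmac.compare_digest(tag, fob_tag(self.key, counter))
        if fresh and valid:
            self.last = counter  # anything at or below this counter is now stale
        return fresh and valid

def replay_outcomes():
    """Present the same frame three times to each receiver (all values constructed)."""
    fixed = FixedCodeReceiver([0x4A5B1, 0x0C0DE, 0x1F00D, 0x7BEEF])
    captured = 0x4A5B1
    fixed_results = [fixed.accept(captured) for _ in range(3)]
    key = b"constructed-demo-key"
    rolling = RollingCodeReceiver(key)
    frame = (1, fob_tag(key, 1))
    rolling_results = [rolling.accept(frame) for _ in range(3)]
    return fixed_results, rolling_results

def blind_guess_probability(slots=SLOTS, keyspace=KEYSPACE):
    """Chance that one arbitrary code matches any learned slot."""
    return slots / keyspace

if __name__ == "__main__":
    print(replay_outcomes())
    print(f"{blind_guess_probability():.2e}")
```

The fixed-code receiver accepts the repeated frame on every presentation, while the rolling-code model accepts it once and then rejects it because the counter is no longer fresh. Each additional learned slot also raises the odds that an unrelated fob or a guessed code matches.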
Erazo’s research identified several critical attack methods that compromise vehicle security.
Brute force attacks can systematically test all possible code combinations, with success probability increasing due to the simultaneous acceptance of multiple learning codes.
Signal capture and replay attacks allow criminals to intercept legitimate key fob transmissions using radio frequency equipment and subsequently clone the signal to gain unauthorized vehicle access.
Perhaps most concerning is the backdoor vulnerability, where malicious actors can program additional learning codes into vehicle receivers during the production chain or through unauthorized access.
This creates persistent security compromises that remain undetected by vehicle owners while providing criminals with ongoing access capabilities.
The researcher developed AutoRFKiller, a Python-based tool utilizing GNURadio modules and HackRF SDR devices, demonstrating the practical exploitation of these vulnerabilities.
The tool’s effectiveness highlights the severity of the security gaps and the ease with which attackers can compromise affected vehicles.
Although the vulnerability was reported to KIA Ecuador in May 2024, remediation efforts have been unsuccessful, prompting collaboration with the Automotive Security Research Group for broader industry awareness.
The lack of response reflects broader challenges in automotive cybersecurity culture within Ecuador and Latin America, where security analysis of key fob systems is often overlooked during vehicle assembly processes.
The vulnerability extends beyond individual vehicle security, creating collision risks where one vehicle’s key fob might inadvertently operate another vehicle or garage door system using similar learning code technology.
This global collision problem is exacerbated by chip manufacturers using identical code ranges across different devices and applications.
Erazo recommends immediate replacement of learning code key fobs with rolling code alternatives and advocates for consumer demands requiring modern security standards in vehicle keyless entry systems.
The research underscores the urgent need for automotive manufacturers to prioritize cybersecurity measures that have been industry standards since the 1990s, rather than conditioning warranties on the installation of demonstrably vulnerable systems.