Long time readers know that I have been covering Hyundai Canada’s struggles to get Apple CarPlay and Android Auto to their fleet of cars. They eventually did get there in terms of newly purchased cars and the ability to upgrade some of their existing cars. And they did that for free for a while. But that program ended some time ago.
Now As of this year, numerous KIA and Hyundai models in Canada have access to map updates for free. And if you don’t presently have Android Auto or Apple CarPlay, you can get that for free as well. Here’s how you do it:
- First, you need to have a 32GB class 10 SD card handy. If you don’t have one, they’re cheap enough to source on Amazon or on B&H Photo.
- Next, surf to the Mapnsoft website and choose your brand.
- If you don’t have an account create one. Otherwise log in with your account details.
- Pick your country, model year, and model.
This will (hopefully) take you to a screen like this:
You can view the instructions in terms of updating it as well as read about the features that you can get with this update. While you can order it for $30 and have it shipped to you on an SD card (Which is way cheaper than it has been in the past). But you really want to click “download it to free” to go that route.
Now I won’t walk through the entire process to update your infotainment system as that’s very well documented. But here’s the highlights. It takes a while to do as you have to download software for your PC or Mac to download, which will in turn download the software for your infotainment system and put it on your SD card. But having done this myself, I started this at 7PM. By 7:20PM it had downloaded the update and started the process of putting out on the SD card. But by 10PM it still wasn’t done. I left it overnight and when I woke up to it having completed the process. So I don’t know how long it actually takes, but it wasn’t quick. Then you take the SD card to your car and use it to update your infotainment system. That takes about 45 minutes and you need the engine running to do it. My suggestion would be to take a drive until it is done. But this part is completely in line with other updates that I have done.
Gripes? The Mac version of this software isn’t notarized by Apple. Which means you have to hop through a few hoops to get this to run as it sets off Gatekeeper because it thinks its a virus. Mapnsoft should really fix that as those hoops won’t be able to be bypassed.
This is a very good development for Hyundai and Kia owners in Canada as those owners can keep their maps and infotainment systems up to date. If you’ve held off on updating your infotainment system, you don’t need to hold off anymore as you can update your infotainment system with your only investment being time.
Kia Cars Can Be Pwned In Epic Fashion
Posted in Commentary with tags Kia on September 27, 2024 by itnerdThis is the second time in a week that I am going to say this. My wife and I are keeping our current car until it dies. But instead of potential privacy issues, it’s due to the fact that cars these days are connected to the Internet. Which means that they could be pwned. Here’s an example of that:
Today, a group of independent security researchers revealed that they’d found a flaw in a web portal operated by the carmaker Kia that let the researchers reassign control of the internet-connected features of most modern Kia vehicles—dozens of models representing millions of cars on the road—from the smartphone of a car’s owner to the hackers’ own phone or computer. By exploiting that vulnerability and building their own custom app to send commands to target cars, they were able to scan virtually any internet-connected Kia vehicle’s license plate and within seconds gain the ability to track that car’s location, unlock the car, honk its horn, or start its ignition at will.
After the researchers alerted Kia to the problem in June, Kia appears to have fixed the vulnerability in its web portal, though it told WIRED at the time that it was still investigating the group’s findings and hasn’t responded to WIRED’s emails since then. But Kia’s patch is far from the end of the car industry’s web-based security problems, the researchers say. The web bug they used to hack Kias is, in fact, the second of its kind that they’ve reported to the Hyundai-owned company; they found a similar technique for hijacking Kias’ digital systems last year. And those bugs are just two among a slew of similar web-based vulnerabilities they’ve discovered within the last two years that have affected cars sold by Acura, Genesis, Honda, Hyundai, Infiniti, Toyota, and more.
“The more we’ve looked into this, the more it became very obvious that web security for vehicles is very poor,” says Neiko “specters” Rivera, one of the researchers who both found the latest Kia vulnerability and worked with a larger group responsible for the previous collection of web-based car security issues revealed in January of last year.
“Over and over again, these one-off issues keep popping up,” says Sam Curry, another member of the car hacking group, who works as a security engineer for Web3 firm Yuga Labs but says he did this research independently. “It’s been two years, there’s been a lot of good work to fix this problem, but it still feels really broken.”
This isn’t just a bad look for Kia. It’s a bad look for the entire car industry. George McGregor, VP, Approov Mobile Security had this to say:
“This shows how mobile app security and backend API security must be considered together. The attacker was able to copy the apps behavior and the backend checks were not sufficient to distinguish these requests from those from a valid app.
“In fact the API needs contextual information about what is going on in the device and the app to be able to prevent this kind of vulnerability being exploited. And the assessment of device and app needs to be thorough and happen continuously so that every request is validated as being legitimate.
“An effective app attestation solution such as the one from Approov can easily stop unauthorized apps, bots, cloned mobile apps or scripts from accessing your APIs and provide a Zero Trust approach that prevents this kind of exploit. “
The car industry simply needs to do better when it comes to security. Because at present, it looks like they as a whole don’t take security very seriously. Though they are free to prove me wrong at any time by describing how they are going to do better on this front and how long that will take.
Leave a comment »