Using a small “Game Boy”-like device, thieves can steal Hyundai and Kia electric cars in seconds.
Hyundai and Kia are no strangers to theft issues. In 2022 and 2023, the brands made news after the Kia Boys went on a rampage using low-tech methods to steal base model cars, such as using a USB charger to turn the ignition cylinder. Since then, the attacks have become more sophisticated, and now thieves with deeper pockets and bigger ambitions have begun to look to the Hyundai EV as a target.
Their tool? A hacking device disguised to look like a Nintendo Game Boy.
Hyundai theft issues
In 2021, a spike in stolen Hyundai and Kia vehicles occurred in Milwaukee, Wisconsin. The thefts were eventually attributed to a group called the Kia Boys, who made off with vehicles of influence, driving them recklessly before trashing them or leaving them on the side of the road when they ran out of gas. The thefts eventually became a viral sensation on social media and resulted in some affected models becoming uninsured.
Reports of stolen Hyundai Ioniq 5s began to emerge late last year. Owners woke up to missing vehicles or notifications on their cellphones that their cars were unlocked and ultimately untraceable from their Hyundai app.
Blame it Game Boy.
The device is technically called an emulator, but it’s a bunch of radio transmission hardware stuffed into a shell by someone in Europe to look like Nintendo’s classic handheld. This device has been around for several years. But based on the devices we’ve seen for sale and the vehicles said to be “compatible” with them, Hyundai Motor Group’s electric cars are already the first electric models that are specific targets.
It works after the car is woken up by touching the door handle and activating a handshake protocol between the car and the owner’s key fob. An emulator program is then activated that starts talking to the car. The device tricks the car into thinking it’s a legitimate key by using a specific algorithm that will eventually calculate the correct code – usually in seconds. If it takes a little longer, the thief can put the device in his pocket and wait for it to vibrate to signal that he has found the code and stored it for use.
Here’s a video that shows one such apparent theft:
(InsideEVs intentionally does not include any information on where or how to get this technology as part of this report, which exists to alert owners to its existence.)
We have seen more sophisticated technical attacks in the past. Relay attacks – where thieves use key fob range extenders to trick the car into thinking the key is inches away from the vehicle, rather than tens of feet away – are the most common. Even Tesla vehicles have been susceptible to this type of attack, which may be what someone thinks is happening with the Ioniq 5. But in some cases, the owners weren’t even in the same country when the theft happened.
This device then unlocks the vehicle and can be used as an ignition key. And when it’s safely away from the crime scene, the thief can remove the vehicle’s connectivity modules to render GPS and in-app tracking useless.
Resellers of the device claim that the Hyundai Ioniq 5, Kia EV6 and Genesis GV60 can be stolen in seconds. Other domestic models of the Korean automaker that are affected are the Kia Niro, Forte and K5. There are a number of other models that are also susceptible to this type of attack, but require a unique PIN to be generated using the vehicle’s VIN, which is visible on the outside of the vehicle.
In this report from Polish media outlet Polsat News, you can see one such device demonstrated by a journalist and law enforcement officer about six minutes in:
We reached out to Hyundai to find out how much the automaker knows about this particular circumvention of its anti-theft protections, but the automaker was unable to provide us with any information at the time of writing.
Hyundai and Kia are not alone in this high-tech battle. The same distributors offer console-like devices that can force rough keyboard shortcuts for modern vehicles from Infiniti, Lexus, Mercedes-Benz, Mitsubishi, Nissan, Subaru, and Toyota, among other brands not sold in the U.S.
Disguising car hacking tools to appear inconspicuous is not abnormal. Thieves also have CAN-injection hardware hidden in fake JBL speakers used to steal cars in a similarly high-tech way. Some other devices are made to look like keychains or even Android phones.
This particular example of theft outlines something that almost no consumer or local law enforcement agency is willing to take on: with enough money and a compatible car, a thief can make off with your ride in seconds with just this device.
The only thing keeping these devices out of the hands is the price. The few examples InsideEVs came across were priced between $16,000 and $30,000, which is admittedly a fraction of the cost of a new Hyundai Ioniq 5 N or Kia EV6 GT. But it’s the only thing between a vulnerable car and a raiding party offering the car to the highest bidder.
Read more
