Hyundai wants loniq 5 customers to pay for cybersecurity patch in baffling move

Agree the title is a bit misleading, but addressing what sounds like an exploit still feels like a patch of sorts.

But yeah, “patch” usually implies software vs. hardware.

Either way, agree with other comments that Hyundai should just eat the costs if it prevents theft due to an exploit.

Having said that, given what the car costs, the fee doesn’t seem completely unreasonable.

Yeah, I considered an ionic the last time I was getting a car. Now I’ll never again consider them.

Also frustrating but for different reasons:

> in 2023 over the “Kia Boyz” attacks that allowed thieves to bypass a vehicle’s security system using a USB cable.

The USB cable happened to have the right size to engage the starter mechanism. Any physical object with similar dimensions could have been used. It really undercuts how absolutely terrible the Kia security design was around that component.

I don't think the patch is hardware. The hardware they're talking about is the "Gameboy like device" that runs the exploit.

> I know the locks on my car are easily picked

They aren't actually. Which is why theives just smash your windows. In either case the alarm is going to go off so there's no advantage to them learning a complex attack on your lock cylinder when a piece of concrete will do.

Further there often were additional ignition interlock mechanisms that required the correct key code or a key with the correct additional hardware to be present for the starter cylinder to actually engage your starter.

> didn't know Hyundai owners were so entitled.

It's called a defect. It should be a recall. We have laws that cover this. They're pretty explicit. I didn't know Hyundai CORPORATION was so entitled as to think they were not subject to them.

This isn't about normal wear-and-tear but a fundamental security design flaw that allows thieves to steal these cars with a $25 device exploiting the CAN bus - more akin to GM shipping cars with a master key hidden under the floor mat than a pickable lock.

As far as I'm concerned, security issues (outside of very niche situations) in a product mean that the product was defective. If you sell a defective product, you should be on the hook to correct the defect.

I think your take makes more sense in a world where you actually own the car fully and have the freedom to do what you want with it. Even if someone was able to write this patch themselves without the source code, distributing it would require owners to root their devices, which isn't legal in all jurisdictions.

You don't expect Microsoft or Adobe to issue fixes any time someone finds a remote exploit that let's attackers gain control of you system though security issue in their software? I 100% expect this of my software vendors even for this purchase in the past. The expectations for software and hardware are certainly very different, but even for hardware we have laws that force companies to fix their hardware in some situations.

If security flaw is so egregious as to warrant a patch, then the patch should be considered to be a fix of a defective product and free.

If the situation doesn't rise to that level of severity, then it follows that a patch isn't necessary.

If GM were to offer lock cylinder replacements because their original cylinders were so flawed as to warrant them, then yes the cylinder replacements should be free. The sold product was not as described.

If the original cylinders aren't so flawed as to warrant a replacement, then no cylinder replacement would be offered.

Are GM cylinder replacements being offered? If not, then your analogy isn't analogous.

You missed some points

1. This is only in the UK, they are not doing the same in the US

2. Recalls are the responsibility of the manufacturer. Security lapses, even if "up to standards" at the time are not a legitimate exemption (imo)

It's a defect. We should fix it by making them do a recall.

I didn't know Hyundai corporate defenders were so unrealistic and childish.