Hyundai Ioniq 5, Kia EV6 Are Newest Victims Of 'Game Boy' Hack

5 months, 2 weeks ago - 2 July 2024, InsidEevs
Hyundai Ioniq 5, Kia EV6 Are Newest Victims Of 'Game Boy' Hack
Using a small "Game Boy"-like device, thieves are able to steal Hyundai and Kia EVs in just seconds.

Hyundai and Kia are no strangers to theft problems. In 2022 and 2023, the brands made news after the Kia Boys ran amok using low-tech methods to steal base model cars, like using a USB charger to turn the ignition cylinder. Attacks have gotten more sophisticated since then, and now thieves with deeper pockets and higher ambitions have begun seeking out Hyundai EVs as a target.

Their tool? A hacking apparatus disguised to look like a Nintendo Game Boy.

Reports of stolen Hyundai Ioniq 5s began popping up late last year. Owners were waking up to missing vehicles or notifications on their cell phones that their cars had been unlocked, and eventually unable to be tracked from their Hyundai app.

Blame the Game Boy.

Technically, the device is called an emulator, but it's a bunch of radio transmission hardware stuffed into a shell by someone in Europe to look like Nintendo's classic handheld. This device has been around for a few years. But based on the devices we have seen for sale and the vehicles said to be "compatible" with them, the Hyundai Motor Group EVs are now the first electric models to be specific targets. 

It works once the car is woken up by touching the door handle and activating a handshake protocol between the car and what would be the owner's key fob. A program is then activated on the emulator which begins to talk with the car. The device tricks the car into thinking that it's a legitimate key by using a specific algorithm that will eventually calculate the right code—usually in seconds. If it takes a bit longer, the thief can place the device in their pocket and wait for it to vibrate to signal that it found the code and stored it for use.

Here's a video showing one such apparent theft:

(InsideEVs is deliberately not including any information where or how to obtain this technology as part of this report, which exists to alert owners to its existence.) 

Now, we've seen more sophisticated technical attacks in the past. Relay attacks—where thieves devices to extend the range of a key fob to trick the car into thinking that the key is within inches of the vehicle rather than dozens of feet away—have been the most common. Even Tesla's vehicles have been susceptible to these types of attacks, which might be what someone thinks is happening with the Ioniq 5. But in some cases, owners weren't even in the same country when the theft occurred.

This device then unlocks the vehicle and can be used as a key to drive off. And when safely away from the crime scene, the thief can remove the car's connectivity modules to render the GPS and in-app tracking useless.

Resellers of the device claim that the Hyundai Ioniq 5, Kia EV6, and Genesis GV60 can be stolen in a matter of seconds. Other domestic models by the Korean automaker that are affected are the Kia Niro, Forte, and K5. There are a number of other models that are also susceptible to this type of attack but require a unique PIN to be generated using the car's VIN, which is visible from the exterior of the car.

In this report from Polish media outlet Polsat News, you can see one such device being demonstrated by a journalist and a law enforcement official around six minutes in: 

We reached out to Hyundai to find out how much the automaker knows about this particular circumvention to its theft protections, however, the automaker wasn't able to provide us with any information at the time of writing.

Hyundai and Kia aren't alone in this high-tech fight. The same resellers offer console-like devices that can brute force key combinations for modern Infiniti, Lexus, Mercedes-Benz, Mitsubishi, Nissan, Subaru and Toyota vehicles, among other makes not sold in the U.S.

Disguising car hacking tools to look inconspicuous isn't abnormal. Thieves also have CAN-injection hardware hidden inside of fake JBL speakers used to steal cars in a similar high-tech fashion. Some other devices are made to look like key fobs or even Android phones.

This particular example of theft outlines something that almost no consumer or local law enforcement agency is ready to take on: With enough money and a compatible car, a thief can make off with your ride in seconds with just this device.

The only thing keeping these devices out of reaching hands is the price tag. The few examples that InsideEVs came across were priced between $16,000 and $30,000, which, admittedly, is a fraction of the cost of a new Hyundai Ioniq 5 N or Kia EV6 GT. But it's the only thing between a vulnerable car and a striker group offering the car to the highest bidder.

Support Ukraine