Hyundai wants Ioniq 5 owners to pay to fix a keyless entry security hole

Hyundai is now offering an “optional” security upgrade for the Ioniq 5 in the UK that prevents the car being stolen with a Game Boy-like device. Hyundai wants some Ioniq 5 owners to pay £49 ($65) to upgrade hardware and software components to prevent thieves using handheld devices to unlock and start cars without needing a key.

Kia, Hyundai, and Genesis EVs have been under attack in the UK and elsewhere in recent years thanks to a sophisticated Game Boy-like handheld device that cracks the wireless protocols used by Hyundai Motor Group on vehicles like the Ioniq 5, original Kia EV6, and Genesis GV60.

Hyundai is now offering a paid upgrade for Ioniq 5 owners in the UK, which it promises will address “evolving security threats” with improved software and hardware components for a “customer contribution of £49.” You can check to see if your Ioniq 5 needs this upgrade here, but there hasn’t been a similar bulletin for US vehicles yet.

It’s not clear why Hyundai is asking customers to pay for the luxury of having their cars protected against a flaw in Hyundai’s own security mechanisms, particularly as the car maker offers a five-year warranty on its vehicles. We’ve reached out to Hyundai to comment on this security upgrade.

Hyundai’s upgrades are designed to protect against a rise in thieves using a handheld device, which was reportedly designed by hackers in Europe to resemble a Game Boy. It’s been used for at least five years, and works on a variety of cars that use keyless entry systems.

The Drive reported in 2020 that the device can intercept the signal emitted when you touch a car’s door handle, allowing it to crack the algorithm and send back a signal so the car thinks a legitimate key is present and unlocks the doors. The same manipulation technique then works to start the car and steal it, and it’s as easy as hitting a button instead of performing a relay attack to amplify the signal of the legitimate key.

While these Game Boy-like devices cost around €20,000 in Europe, they’ve been widely used to steal a variety of Kia, Hyundai, Nissan, Gensis, and Mitsubishi cars in recent years. Hyundai’s Ioniq and Kia’s EV6 models were even among the most stolen cars in the UK in 2024, demonstrating just how vulnerable these cars are to this type of attack.

Security researchers also found a flaw in Kia’s web portal last year that allowed attackers to unlock and start cars. It was part of a series of security flaws that have been reported to Hyundai Motor Group, the owners of Hyundai, Kia, and Genesis brands. Hyundai and Kia also agreed to a $200 million settlement in 2023 over the “Kia Boyz” attacks that allowed thieves to bypass a vehicle’s security system using a USB cable.