A serious security flaw has been discovered in the keyless entry systems (KES) used in many KIA vehicles across Ecuador, leaving thousands of cars vulnerable to theft. Officially listed as
CVE-2025-6029, the issue stems from outdated technology in aftermarket key fobs that are approved and distributed by KIA Ecuador. Affected models include the Kia Soluto, Rio, and Picanto manufactured between 2022 and 2025.
Details of the KIA Keyless Entry Flaw (CVE-2025-6029)
The vulnerability was identified by Danilo Erazo, an independent hardware security researcher and ethical hacker who founded Reverse Everything. His research, which focuses on vehicle security in Latin America, revealed that many KIA vehicles in Ecuador still rely on “learning code” systems, rather than the more secure rolling code technology.
While most modern vehicles use rolling codes that change with each use to prevent replay and cloning attacks, the key fobs in question use static learning codes. These fixed codes are reused every time the fob transmits a signal, making them highly susceptible to interception.
Understanding Learning Codes
Learning codes are programmable static codes that are stored in both the vehicle’s receiver and the key fob. Each car can typically be paired with up to four of these codes. While they can be reprogrammed, the fact that they do not change automatically after each use allows attackers to exploit them.
With the help of specialized antennas or Software Defined Radio (SDR) devices, attackers can capture the signal from a key fob and replay it to unlock the car without the owner's knowledge. This technique is the basis for the keyless entry vulnerability.
Insecure Hardware in Use
Key fobs used by KIA Ecuador from 2022 to early 2023 are equipped with the HS2240 chip, while later models from 2024 and 2025 use the EV1527 chip. Both chips use learning code technology and offer about one million possible combinations. However, these codes can be brute-forced. Furthermore, due to the system’s ability to store multiple learning codes, malicious actors could program their own codes into the vehicle’s system. This can happen during manufacturing or along the supply chain, creating a permanent backdoor for unauthorized access.
Scope and Impact
Thousands of KIA vehicles across Ecuador are affected, with confirmed cases of theft linked to this vulnerability in both public and private parking areas. Although the issue has been publicly discussed in Ecuador, there are concerns that similarly vulnerable keyless systems are also in use in other Latin American countries.
KIA Ecuador not only installs these key fobs but also officially approves and sells them. These fobs, which are not original equipment manufacturer (OEM) parts, are even available for purchase on the KIA Ecuador website.
Conclusion
Danilo Erazo’s findings on CVE-2025-6029 highlight a major flaw in the keyless entry systems used in KIA vehicles across Ecuador. These systems are vulnerable to replay attacks, brute force access, and hidden backdoors. Security experts urge immediate replacement of these outdated learning code fobs with rolling code technology and call on automakers to stop distributing insecure systems. The vulnerability poses a wider risk since many fixed code ranges are shared across borders.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
