Hyundai and Kia are no strangers to theft problems. In 2022 and 2023, the brands made news after the Kia Boys ran amok using low-tech methods to steal base model cars, like using a USB charger to turn the ignition cylinder. Attacks have gotten more sophisticated since then, and now thieves with deeper pockets and higher ambitions have begun seeking out Hyundai EVs as a target.

Their tool? A hacking apparatus disguised to look like a Nintendo Game Boy.

Reports of stolen Hyundai Ioniq 5s began popping up late last year. Owners were waking up to missing vehicles or notifications on their cell phones that their cars had been unlocked, and eventually unable to be tracked from their Hyundai app.

Blame the Game Boy.

Technically, the device is called an emulator, but it’s a bunch of radio transmission hardware stuffed into a shell by someone in Europe to look like Nintendo’s classic handheld. This device has been around for a few years. But based on the devices we have seen for sale and the vehicles said to be “compatible” with them, the Hyundai Motor Group EVs are now the first electric models to be specific targets. 

It works once the car is woken up by touching the door handle and activating a handshake protocol between the car and what would be the owner’s key fob. A program is then activated on the emulator which begins to talk with the car. The device tricks the car into thinking that it’s a legitimate key by using a specific algorithm that will eventually calculate the right code—usually in seconds. If it takes a bit longer, the thief can place the device in their pocket and wait for it to vibrate to signal that it found the code and stored it for use.

Here’s a video showing one such apparent theft:

(InsideEVs is deliberately not including any information where or how to obtain this technology as part of this report, which exists to alert owners to its existence.) 

Now, we’ve seen more sophisticated technical attacks in the past. Relay attacks—where thieves devices to extend the range of a key fob to trick the car into thinking that the key is within inches of the vehicle rather than dozens of feet away—have been the most common. Even Tesla’s vehicles have been susceptible to these types of attacks, which might be what someone thinks is happening with the Ioniq 5. But in some cases, owners weren’t even in the same country when the theft occurred.

This device then unlocks the vehicle and can be used as a key to drive off. And when safely away from the crime scene, the thief can remove the car’s connectivity modules to render the GPS and in-app tracking useless.

Resellers of the device claim that the Hyundai Ioniq 5, Kia EV6, and Genesis GV60 can be stolen in a matter of seconds. Other domestic models by the Korean automaker that are affected are the Kia Niro, Forte, and K5. There are a number of other models that are also susceptible to this type of attack but require a unique PIN to be generated using the car’s VIN, which is visible from the exterior of the car.

In this report from Polish media outlet Polsat News, you can see one such device being demonstrated by a journalist and a law enforcement official around six minutes in: 

We reached out to Hyundai to find out how much the automaker knows about this particular circumvention to its theft protections, however, the automaker wasn’t able to provide us with any information at the time of writing.

Hyundai and Kia aren’t alone in this high-tech fight. The same resellers offer console-like devices that can brute force key combinations for modern Infiniti, Lexus, Mercedes-Benz, Mitsubishi, Nissan, Subaru and Toyota vehicles, among other makes not sold in the U.S.

Disguising car hacking tools to look inconspicuous isn’t abnormal. Thieves also have CAN-injection hardware hidden inside of fake JBL speakers used to steal cars in a similar high-tech fashion. Some other devices are made to look like key fobs or even Android phones.

This particular example of theft outlines something that almost no consumer or local law enforcement agency is ready to take on: With enough money and a compatible car, a thief can make off with your ride in seconds with just this device.

The only thing keeping these devices out of reaching hands is the price tag. The few examples that InsideEVs came across were priced between $16,000 and $30,000, which, admittedly, is a fraction of the cost of a new Hyundai Ioniq 5 N or Kia EV6 GT. But it’s the only thing between a vulnerable car and a striker group offering the car to the highest bidder.

In‌ a recent⁤ and concerning development in‌ the automotive industry, the Hyundai Ioniq 5 and Kia EV6 have become the latest victims of a⁢ cyber hack known as the ‘Game⁣ Boy’⁤ hack. This cyber attack has raised serious questions about the vulnerability of modern vehicles to hacking and the potential risks ‌that come with it.

The ‘Game ⁣Boy’⁢ hack, named after ⁤the popular⁣ handheld gaming device from the 1990s, allows hackers to remotely control various functions​ of a vehicle, including its acceleration, braking, and steering. This poses a significant danger‌ to both ⁢the driver‍ and other road users, as a malicious​ attacker could potentially take control ⁣of the‍ vehicle and cause serious harm.

Both the​ Hyundai Ioniq ⁤5 and Kia EV6 are cutting-edge electric vehicles that ​come equipped with advanced technology and features.⁤ However, this also makes them​ more ⁢susceptible to cyber attacks, as hackers can exploit vulnerabilities in their ​systems to gain unauthorized access and control.

This latest⁤ incident‍ serves⁢ as a stark reminder of the increasing reliance on technology in modern vehicles⁢ and the importance of ⁤cybersecurity measures‌ to protect against potential threats. Automakers must prioritize the⁢ security of their products and implement robust measures to safeguard against‌ cyber attacks.

It is essential for car manufacturers ​to ‌work closely‍ with​ cybersecurity‍ experts to identify and address any vulnerabilities in their⁣ systems. This includes regular‍ security updates and patches to ⁢ensure that vehicles ​remain secure and resilient to cyber threats.

Furthermore, ⁣drivers must⁤ also take ⁢steps to protect themselves ​from potential hacks, such as regularly updating their vehicle’s software and being cautious of any suspicious activity.⁢ It is crucial for ⁢all stakeholders in ​the automotive industry⁤ to work together to​ address the growing threat of cyber attacks and ensure the safety and security of​ drivers and passengers​ on the road.

In conclusion, the ​’Game Boy’ hack targeting the Hyundai Ioniq 5 and Kia EV6 serves as a ⁢wake-up call for the automotive industry to prioritize cybersecurity and take proactive measures to protect against potential threats. It is imperative​ that automakers, cybersecurity experts, and​ drivers collaborate ⁣to address these challenges ⁢and‌ ensure ​the safety and security of modern vehicles in an increasingly connected world.