KIA Keyless Entry System Security Flaw Exposes Vehicles in Ecuador to Theft Risk

Written by: Lore Apostol, Cybersecurity & Streaming Writer

A critical security vulnerability, cataloged as CVE-2025-6029, has been identified in the keyless entry systems (KES) of KIA vehicles in Ecuador, exposing thousands of cars to theft risks. The affected models include the Kia Soluto, Rio, and Picanto produced between 2022 and 2025.

The flaw, discovered by Danilo Erazo, an independent hardware security researcher and ethical hacker, stems from outdated “learning code” technology used in aftermarket key fobs homologated and distributed by KIA Ecuador. 

While most modern vehicles globally use rolling code technology—which enhances security by dynamically changing the access code with each use—the vulnerable key fobs in question rely on learning codes that stay fixed from one use to the next.

Hexadecimal code to unlock the car; the code repeats in each row in both cases | Source: Danilo Erazo

This creates an opening for replay and brute force attacks. An attacker can intercept the radio frequency (RF) signals transmitted by the key fob, using specialized equipment like Software Defined Radio (SDR) devices, and replay these signals to gain unauthorized access. 

Additionally, brute force attacks can systematically test all possible combinations of the fixed codes to unlock vehicles.

The vulnerable key fobs are available on the KIA Ecuador website | Source: Danilo Erazo

Further compounding the issue, the system allows backdoors to be installed. Malicious actors can program unauthorized fixed codes into the vehicle's receiver, potentially along the production or supply chain, creating permanent access without the owner's knowledge.

This is made possible because the vehicle receiver supports up to four programmable learning codes.

KIA Ecuador key fobs from 2022 and early 2023 use the HS2240 chip, while those from 2024 and 2025 use the EV1527 chip. Both chips operate with insecure learning codes, featuring roughly 1 million code combinations. 

This vulnerability endangers thousands of KIA vehicles in Ecuador and possibly other Latin American markets employing similar KES models.

The security flaw has already been linked to theft incidents in Ecuador, occurring in both public and private parking areas. Despite this issue, KIA Ecuador continues to homologate and sell these key fobs via their official website, raising concerns about the responsibility of manufacturers in addressing systemic vulnerabilities.

Researchers, including Erazo, recommend the urgent replacement of vulnerable learning code systems with rolling code technology. This shift is critical to mitigating risks not only in Ecuador but also in additional markets reliant on outdated KES technologies, as overlapping fixed code ranges could facilitate broader exploitation.
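The difference between the two designs can be seen in a small model. This is an added illustration, not code from the researcher or from KIA. It assumes a 20-bit code space (consistent with the "roughly 1 million" combinations cited above), uses an HMAC over a counter as a stand-in for a rolling code rather than any vendor's actual scheme, and all codes and keys are constructed sample values.

```python
import hashlib
import hmac

CODE_BITS = 20   # assumption: 2**20 matches the "roughly 1 million" codes cited above
MAX_SLOTS = 4    # the receiver stores up to four learning codes (per the article)

class LearningCodeReceiver:
    """Fixed 'learning code' model: any enrolled code is accepted, every time."""
    def __init__(self):
        self.slots = []
    def enroll(self, code):
        if len(self.slots) >= MAX_SLOTS:
            raise ValueError("all slots in use")
        self.slots.append(code & ((1 << CODE_BITS) - 1))
    def accept(self, frame):
        return frame in self.slots
    def audit(self, owner_codes):
        """Defender check: enrolled codes the owner cannot account for."""
        return [c for c in self.slots if c not in owner_codes]

def fob_tag(key, counter):
    """Stand-in rolling code: truncated HMAC-SHA256 over the press counter."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]

class RollingCodeReceiver:
    """Accepts a frame only if its counter is ahead of the last one seen."""
    def __init__(self, key, window=16):
        self.key, self.counter, self.window = key, 0, window
    def accept(self, frame):
        counter, tag = frame
        if not (self.counter < counter <= self.counter + self.window):
            return False          # stale (already used) or too far ahead
        if not hmac.compare_digest(tag, fob_tag(self.key, counter)):
            return False          # wrong key or altered frame
        self.counter = counter    # advance so this frame is never valid again
        return True

def demo():
    fixed = LearningCodeReceiver()
    fixed.enroll(0x5A3C1)         # constructed: the owner's fob code
    fixed.enroll(0x0BEEF)         # constructed: a code the owner never enrolled
    same_frame = 0x5A3C1          # a fixed-code fob sends this on every press
    fixed_results = [fixed.accept(same_frame) for _ in range(3)]

    key = b"constructed-demo-key"
    rolling = RollingCodeReceiver(key)
    frame = (1, fob_tag(key, 1))  # one press; presenting it again must fail
    rolling_results = [rolling.accept(frame) for _ in range(3)]
    return fixed_results, rolling_results, fixed.audit({0x5A3C1})
```

The fixed-code receiver accepts the identical frame indefinitely, while the rolling-code receiver accepts it once; `audit` shows the kind of slot inventory that would reveal an enrolled code the owner does not recognize.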

