Cybersecurity professional here, I’d read up on Kia’s responsible disclosure policy, to avoid any potential trouble, and for guidelines on how to disclose it to them and handle this ethically.
https://www.kia.com/eu/vulnerability-disclosure/
Unfortunately they don’t do bug bounties, which is too bad.
Edit: I wouldn’t listen to people telling you to lock the car, exploit it in other ways or disclosing it to the media first. That is unethical at best and illegal at worst.
Oh wow this is very embarassing very sorry about that. Edited to include the proper link.