Honda Car Remote Key System Vulnerable To Hacking, Beware Of These Ways
JAKARTA - Security researcher Rob Stumpf of The Drive recently posted a video of how to remotely unlock and start several Honda cars using a handheld radio. It turned out that he could do just that, though Honda insisted the car had security protections meant to stop attackers from doing so.
According to the researchers, this hack was made possible by a vulnerability in the keyless entry system of many Hondas made between 2012 and 2022. They dubbed the vulnerability Rolling-PWN.
The basic concept for Rolling-PWN is similar to previously seen attacks against VW and Tesla, as well as other devices: using radio equipment, someone records a legitimate radio signal from a key fob and then broadcasts it back to the car. This is called a replay attack.
Heads up, Honda owners—security researchers found a vulnerability in many new Hondas that can allow someone to unlock and start the car without its keys. It's been dubbed "Rolling Pwn," and here's our @RobDrivesCars demonstrating how it works. Full story: https://t.co/W7ZNjziS2Z pic.twitter.com/2c0xNbrxoi
— The Drive (@thedrive) July 11, 2022
In theory, many modern cars use what's called a rolling code system, which essentially makes each signal work only once. When you press the button to unlock your car, your car unlocks, and that exact signal should never unlock your car again.
But as Jalopnik points out, not all recent Hondas have that level of protection. The researchers also discovered a vulnerability where recent Hondas (specifically the 2016 to 2020 Civics) instead used an unencrypted signal that didn't change.
Even those with rolling code systems, including the 2020 CR-V, Accord, and Odyssey, Honda tells Vice, may be vulnerable to the recently revealed attack.
The Rolling-PWN website has a video of the hack being used to unlock a vehicle with that rolling code, and the exploit was used on a 2021 Accord to remotely start its engine and then unlock it.
Honda told The Drive that the security system placed on the key fob and its cars "would not allow the vulnerability as shown in the report" to be carried out.
Honda said the attack should have been impossible, but clearly it happened somehow. Honda has no comment on The Drive's report of the remote unlock.
According to the Rolling-PWN website, the attack succeeds because it can re-sync the car's code counter, meaning the car will accept an old code. The system is built to have some tolerance, so that you can still use your keyless entry even if the button is pressed once or twice while you are away from the car and the car and remote stay in sync, and that tolerance is how the security system can be beaten.
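The counter behaviour described above can be seen in a small model of a receiver, added here as an illustration; it is not code from the Rolling-PWN site, The Drive, or Honda. The HMAC-based code derivation, the window size of 16, and the `allow_rollback` rule are assumptions chosen to show the difference between a counter that can be moved backward and one that can only move forward.

```python
import hashlib
import hmac

WINDOW = 16  # assumed tolerance: how many missed button presses are forgiven

def code_for(key: bytes, counter: int) -> bytes:
    """Fob side: derive the one-time code for a given counter value."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]

class Receiver:
    """Car side. allow_rollback=True models a counter that can be re-synced to
    an older value (assumed model of the weakness); False is the hardened form."""

    def __init__(self, key: bytes, allow_rollback: bool):
        self.key, self.counter, self.allow_rollback = key, 0, allow_rollback

    def _match(self, code: bytes, candidates):
        for c in candidates:
            if hmac.compare_digest(code, code_for(self.key, c)):
                return c
        return None

    def accept(self, code: bytes) -> bool:
        # Normal path: only counters strictly ahead of the last accepted one.
        hit = self._match(code, range(self.counter + 1, self.counter + 1 + WINDOW))
        if hit is None and self.allow_rollback:
            # Weak path: an already-used counter is treated as a re-sync.
            low = max(1, self.counter - WINDOW)
            hit = self._match(code, range(low, self.counter + 1))
        if hit is None:
            return False
        self.counter = hit  # without the weak path this only ever increases
        return True

def demo(allow_rollback: bool) -> dict:
    key = b"constructed-demo-key"  # constructed sample key
    car = Receiver(key, allow_rollback)
    presses = [code_for(key, n) for n in range(1, 6)]  # fob counters 1..5
    recorded = presses[1]  # counter 2, the signal recorded off the air
    return {
        "first_use": car.accept(presses[1]),    # counter 1 was pressed out of range
        "later_press": car.accept(presses[4]),  # counters 3, 4 missed, within tolerance
        "replay_of_old_code": car.accept(recorded),
        "counter_after": car.counter,
    }

if __name__ == "__main__":
    print("hardened:", demo(allow_rollback=False))
    print("weak:    ", demo(allow_rollback=True))
```

In both runs the tolerance window lets the fob skip ahead; only the receiver that lets its counter move backward accepts the recorded code a second time.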
The site also claims that it affects "all Honda vehicles currently on the market," but admits that it has only really been tested on a handful of model years.
Even more worryingly, the site shows that other car brands were also affected, but the details are unclear.