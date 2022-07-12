



Security researchers and The Drive's Rob Stumpf recently posted a video showing a portable radio being used to unlock a Honda vehicle and start it remotely. According to the researchers, the hack is possible because of a vulnerability in many Honda keyless entry systems made between 2012 and 2022. They call the vulnerability Rolling-PWN.

The basic concept of Rolling-PWN is similar to attacks previously used against VWs, Teslas, and other devices. Someone uses a radio device to record a legitimate radio signal from the key fob and then broadcasts it to the car. This is called a replay attack, and if you think it should be possible to defend against this type of attack using some type of encryption, you're right. In theory, many modern cars use what is called a rolling key system, where each signal basically works only once. You press the button to unlock the car, the car unlocks, and that exact signal will not unlock the car again.

But, as Jalopnik points out, not all modern Hondas have that level of protection. Researchers have also discovered a vulnerability in surprisingly recent Hondas (especially the 2016-2020 Civic) that instead used unencrypted signals that did not change. And even those with rolling code systems, including the 2020 CR-V, Accord, and Odyssey, Honda told Vice, could be vulnerable to the recently discovered attack. The Rolling-PWN website has a video of the hack being used to unlock these rolling code vehicles. Stumpf was able to use the exploit on a 2021 Accord, turning on the engine remotely and then unlocking it.

Honda told The Drive that the security systems in its key fobs and cars would not allow the vulnerability shown in the report to be carried out. In other words, the company says the attack shouldn't be possible, but evidently it somehow is. I asked the company for comment on The Drive's demonstration, which was released on Monday, but didn't get an immediate reply.

According to the Rolling-PWN website, the attack works because it can resynchronize the car's code counter, which means the car will accept old codes. Basically, the system is built to have some tolerance (so you can still use keyless entry even if the button is pressed once or twice while you are away from the car, and the car and remote stay in sync), and that tolerance is what allows the security system to be defeated. The site also claims that the attack affects all Honda cars currently on the market, but admits that only a handful of model years have actually been tested.
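The tolerance window described above can be modeled from the receiver's side. The following is an added example, not code from the researchers or from Honda: it assumes a stand-in scheme (a counter authenticated with a truncated HMAC-SHA256 tag), and the names `make_code`, `Receiver` and `WINDOW` are hypothetical. It shows a receiver that tolerates missed presses but only ever moves its counter forward, so captured codes stay dead.

```python
import hashlib
import hmac

WINDOW = 16  # assumed tolerance for presses made out of range of the car


def make_code(key: bytes, counter: int) -> bytes:
    """Fob side: 4-byte counter plus an 8-byte HMAC tag (stand-in scheme)."""
    msg = counter.to_bytes(4, "big")
    return msg + hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Receiver:
    """Car side: accepts only authentic codes whose counter moves forward."""

    def __init__(self, key: bytes, counter: int = 0):
        self.key = key
        self.last = counter  # highest counter accepted so far

    def accept(self, code: bytes) -> bool:
        if len(code) != 12:
            return False
        counter = int.from_bytes(code[:4], "big")
        if not hmac.compare_digest(code, make_code(self.key, counter)):
            return False  # forged or corrupted frame
        # Forward-only window: an equal or lower counter is a replay.
        if not (self.last < counter <= self.last + WINDOW):
            return False
        self.last = counter  # resynchronize forward, never backward
        return True


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample key
    car = Receiver(key)
    captured = [make_code(key, n) for n in (1, 2, 3)]  # constructed frames
    return {
        "first_press": car.accept(captured[0]),
        "exact_replay": car.accept(captured[0]),
        # Presses 2 and 3 happened out of range; press 4 is inside the window.
        "after_missed_presses": car.accept(make_code(key, 4)),
        "old_codes_after_resync": [car.accept(c) for c in captured[1:]],
        "beyond_window": car.accept(make_code(key, 4 + WINDOW + 1)),
    }


if __name__ == "__main__":
    print(demo())
```

Any resynchronization path that lets `last` move backward would make previously captured codes valid again, which is the failure the Rolling-PWN site describes.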

Even more worrisome, the site suggests that other brands of cars are also affected, but it is vague on the details. That makes me eye my Ford nervously, but the vagueness is probably a good thing in practice: if the security researchers are following standard responsible disclosure procedures, they should be contacting the car manufacturers and giving them the opportunity to deal with the problem before the details are released. According to Jalopnik, the researchers contacted Honda but were told to submit a report to customer service (which is not really standard security practice).

