Security researchers have uncovered a vulnerability in Honda’s keyless entry system that could allow hackers to remotely unlock and potentially start “all Honda vehicles currently on the market”.
Weakness in design
The “Rolling-Pwn” attack, discovered by security researchers Kevin2600 and Wesley Li of Star-V Lab, exploits a vulnerability in the way Honda’s keyless entry system transmits passcodes between the vehicle and the key fob. It works in a similar way to a recently discovered Bluetooth attack that affects certain Tesla vehicles. Using easily purchased radio equipment, the researchers were able to listen for and capture the codes, then transmit them to the vehicle to gain access.
Open and start in seconds
The two researchers discovered that the counter in Honda cars is resynchronized when the car receives lock and unlock commands in a sequence, causing the car to accept codes from previous sessions that should have been invalid. The researchers say they have tested their attack on several Honda models, including the 2012 Honda Civic, Honda Accord and Honda Fit, but warn that the security flaw may affect “all Honda vehicles currently on the market” and may also affect vehicles from other manufacturers.
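A simplified model of the counter behaviour described above, contrasting a receiver that resynchronizes on a run of old codes with one that never accepts a used counter. This is an added illustration, not code from the researchers or from Honda; the HMAC-based code format, the window size and the three-frame resync threshold are assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed secret shared by fob and car

def fob_code(counter: int, cmd: str) -> bytes:
    """One-time code bound to the fob's counter and the command."""
    msg = f"{counter}:{cmd}".encode()
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:8]

class Receiver:
    WINDOW = 16        # assumed look-ahead window for missed presses
    RESYNC_AFTER = 3   # assumed run length that triggers the flawed resync

    def __init__(self, resync_on_stale_run: bool):
        self.counter = 0
        self.flawed = resync_on_stale_run
        self.run = []  # counters of consecutive stale but authentic frames

    def receive(self, counter: int, cmd: str, tag: bytes) -> bool:
        if not hmac.compare_digest(tag, fob_code(counter, cmd)):
            self.run = []
            return False
        if self.counter < counter <= self.counter + self.WINDOW:
            self.counter, self.run = counter, []
            return True
        if not self.flawed:
            return False  # hardened: a used counter is never accepted again
        # Flawed: a run of consecutive old frames rolls the counter back.
        chained = self.run and counter == self.run[-1] + 1
        self.run = self.run + [counter] if chained else [counter]
        if len(self.run) < self.RESYNC_AFTER:
            return False
        self.counter, self.run = counter, []
        return True

def replay_old_session(flawed: bool) -> list:
    """Replay the first five recorded frames after the fob reached counter 10."""
    rx = Receiver(flawed)
    pairs = [(c, "lock" if c % 2 else "unlock") for c in range(1, 11)]
    frames = [(c, cmd, fob_code(c, cmd)) for c, cmd in pairs]  # constructed traffic
    for frame in frames:
        rx.receive(*frame)  # legitimate use advances the counter to 10
    return [rx.receive(*frame) for frame in frames[:5]]

if __name__ == "__main__":
    print("flawed  :", replay_old_session(True))
    print("hardened:", replay_old_session(False))
```

In the flawed mode the third consecutive stale frame rolls the stored counter back, so the remaining frames of the old session validate again; the hardened receiver rejects all five.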
We tried to talk to Honda
Security researchers say they tried to contact Honda about the vulnerability, but found that the company “does not have a department to address security issues with its products.” So they reported the issue to Honda customer service, but have yet to receive a response.
A difficult problem to solve
As the security researchers noted, even if Honda were to take notice of the flaw, it would be difficult to fix, because older cars do not support OTA (over-the-air) updates. The researchers also pointed out that there is no way to protect yourself from the attack or to determine whether it has happened to you.