A portable radio is all it takes to unlock a Honda car if you forget your keys at home.
A new remote hacking risk is in the spotlight, one that could put millions of Honda vehicles at risk.
Security researchers have revealed a vulnerability in Honda’s keyless entry system that could allow hackers to remotely unlock and start all vehicles.
The so-called “Rolling-Pwn” attack targets the keyless entry system at the point where authentication codes are transmitted between the car and the key fob. Security researchers at Star-V Lab found that, with only a handheld radio, they could unlock the car and start it.
The hack works in a similar way to the Tesla Bluetooth Low Energy (BLE) attack. In that case, as you may remember, an attacker with access only to Bluetooth or the vehicle key was able to relay the key's Bluetooth credentials from a remote location and open someone's car door even when the owner was not around.
“The Rolling-PWN bug is a serious vulnerability,” the team wrote in a blog post. “We found it in a vulnerable version of the rolling code mechanism, which is implemented in a large number of Honda vehicles,” they add.
The affected Honda models are those launched between 2012 and 2022, including the Accord, Civic, C-RV, and X-RV.
After the discovery, the researchers say they contacted Honda. However, the response was that the company does not have a department to deal with security-related problems in its products. The company has only responded to the media, stating that the accusations are baseless and unbelievable.
Still, as the researchers point out, this type of attack should be prevented by the vehicle’s rolling code mechanism, a system introduced to prevent replay attacks by providing a new code for each remote keyless access authentication.
Despite all this, The Drive, which independently investigated the vulnerability, verified on a 2021 Honda Accord that the key fob flaw does not allow an attacker to drive away with the vehicle.
They also warn that the threat could affect vehicles of other brands, and that there is no way to protect against the hack or to determine whether it has happened to you.