Tuesday, July 12, 2022
HomeComputer HardwareNewer Honda Autos Are Weak To This Startling Distant Key Fob Hack

Newer Honda Autos Are Weak To This Startling Distant Key Fob Hack


honda vehicles vulnereable remote key fob hack news
Earlier this yr, we wrote a couple of vulnerability in Honda’s distant keyless entry (RKE) system that hackers might exploit to lock, unlock, and begin sure Honda and Acura autos. This specific vulnerability was the results of Honda utilizing mounted codes in its RKE system. Many Honda and Acura key fobs ship the identical radio frequency (RF) codes for each request. An attacker can intercept these codes and re-transmit them later to entry the automobile in what’s referred to as a replay assault.

One answer to this safety weak spot is to make use of rolling codes, the place the RF codes change after each request in order that intercepted codes can’t be reused for a profitable replay assault. Honda has carried out rolling codes in a few of its newer autos, however, in line with new analysis, the corporate’s implementation of rolling codes doesn’t stop replay assaults as a consequence of a vulnerability dubbed “Rolling-PWN.”

Honda’s up to date RKE system checks RF codes in opposition to a synchronizing counter, accepting codes that match up with the counter whereas rejecting older codes. In principle, this method ought to stop attackers from conducting a profitable replay assault, as re-transmitted codes gained’t match with the synchronizing counter. Nonetheless, the RKE system consists of some programming logic meant to forestall unintentional key presses, and a staff of researchers from Star-V Lab found a technique to exploit this programming logic to resynchronize the counter and settle for previous codes by sending a consecutive lock and unlock code sequence.

The researchers have printed demonstration a number of movies as proof of this exploit, and Rob Stumpf, an automotive journalist for The Drive, was capable of replicate the exploit as nicely. The vulnerability additionally has additionally been listed within the Nationwide Vulnerability Database as CVE-2021-46145 with a medium severity ranking of 5.3. The researchers are of the view that this vulnerability most certainly impacts all autos with Honda’s up to date RKE system, which the corporate started implementing in 2012. The researchers had been capable of confirm that the vulnerability impacts the ten hottest Honda autos from 2012 to 2022, that are as follows:

  • Honda Civic 2012
  • Honda X-RV 2018
  • Honda C-RV 2020
  • Honda Accord 2020
  • Honda Odyssey 2020
  • Honda Encourage 2021
  • Honda Match 2022
  • Honda Civic 2022
  • Honda VE-1 2022
  • Honda Breeze 2022

The researchers tried notifying Honda of this vulnerability, however by no means obtained a response. After the researchers went public with the vulnerability, a spokesperson for Honda made a press release to Vice questioning the researchers’ findings. “We’ve regarded into previous related allegations and located them to lack substance. Whereas we don’t but have sufficient info to find out if this report is credible, the important thing fobs within the referenced autos are outfitted with rolling code expertise that will not permit the vulnerability as represented within the report. As well as, the movies supplied as proof of the absence of rolling code don’t embrace adequate proof to help the claims.



RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Recent Comments