One answer to this security weak spot is to use rolling codes, where the RF codes change after each request so that intercepted codes can’t be reused for a successful replay attack. Honda has implemented rolling codes in some of its newer vehicles, but, according to new research, the company’s implementation of rolling codes doesn’t prevent replay attacks due to a vulnerability dubbed “Rolling-PWN.”
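To make the replay point above concrete, the following Python code is an added example, not code from the researchers or from Honda: it contrasts a fixed-code receiver with a generic counter-based rolling-code receiver. The HMAC derivation, the 16-press look-ahead window and all names are assumptions for illustration and do not model Honda's RKE system or the Rolling-PWN flaw.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed shared secret, not a real fob key
WINDOW = 16                    # assumed look-ahead for presses made out of range

def code_for(counter: int, key: bytes = KEY) -> bytes:
    """Derive the code for one button press from the shared key and a counter."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]

class Fob:
    def __init__(self):
        self.counter = 0
    def press(self) -> bytes:
        self.counter += 1
        return code_for(self.counter)

class FixedCodeReceiver:
    """Accepts one static code forever, so a recorded code keeps working."""
    def __init__(self, code: bytes):
        self.code = code
    def accept(self, code: bytes) -> bool:
        return hmac.compare_digest(code, self.code)

class RollingCodeReceiver:
    """Accepts only codes for counters strictly ahead of the last accepted one."""
    def __init__(self):
        self.last = 0
    def accept(self, code: bytes) -> bool:
        for c in range(self.last + 1, self.last + 1 + WINDOW):
            if hmac.compare_digest(code, code_for(c)):
                self.last = c  # every counter at or below c is now stale
                return True
        return False

def demo() -> dict:
    fob, rolling = Fob(), RollingCodeReceiver()
    fixed = FixedCodeReceiver(code_for(0))
    captured = fob.press()  # the one code an eavesdropper could have recorded
    results = {
        "fixed_first": fixed.accept(code_for(0)),
        "fixed_replay": fixed.accept(code_for(0)),
        "rolling_first": rolling.accept(captured),
        "rolling_replay": rolling.accept(captured),
    }
    for _ in range(2):
        fob.press()         # presses made out of range advance only the fob
    results["rolling_after_skips"] = rolling.accept(fob.press())
    results["rolling_old_replay"] = rolling.accept(captured)
    return results
```

The receiver never moves its counter backwards, which is the property that makes a recorded code worthless once it, or any later code, has been accepted.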
The researchers have published several demonstration videos as proof of this exploit, and Rob Stumpf, an automotive journalist for The Drive, was able to replicate the exploit as well. The vulnerability has also been listed in the National Vulnerability Database as CVE-2021-46145 with a medium severity rating of 5.3. The researchers are of the view that this vulnerability most likely affects all vehicles with Honda’s updated RKE system, which the company began implementing in 2012. The researchers were able to verify that the vulnerability affects the ten most popular Honda vehicles from 2012 to 2022, which are as follows:
- Honda Civic 2012
- Honda X-RV 2018
- Honda C-RV 2020
- Honda Accord 2020
- Honda Odyssey 2020
- Honda Inspire 2021
- Honda Fit 2022
- Honda Civic 2022
- Honda VE-1 2022
- Honda Breeze 2022
The researchers tried notifying Honda of this vulnerability, but never received a response. After the researchers went public with the vulnerability, a spokesperson for Honda made a statement to Vice questioning the researchers’ findings. “We’ve looked into past similar allegations and found them to lack substance. While we don’t yet have enough information to determine if this report is credible, the key fobs in the referenced vehicles are equipped with rolling code technology that would not allow the vulnerability as represented in the report. In addition, the videos offered as evidence of the absence of rolling code do not include sufficient evidence to support the claims.”