Researchers have discovered a vulnerability in Honda vehicles that could allow pirates to unlock doors and start cars from a distance. The security flaw was named “RollingPWN”, and it affects all Honda models released between 2012 and 2022, according to the researchers. Honda is not very satisfied with the results; the Japanese automaker says the flaw is “old news” because VICE reports.
The fault can be traced back to the keyless entry system used by Honda cars, such as Kevin26000 and Wesley Li explain in the RollingPWN report. They found the bug affected ten of the most popular Honda models, leading them to believe it affects virtually all Hondas from 2012 onwards. These Hondas use a rolling-code mechanism that assigns different codes each time owners use their key fob.
Each button press sends a new code from the fob to the car, which should (theoretically) render the old codes unusable. But Kevin2600 found it was possible to override those codes, retrieve an old one, and reuse it to unlock the doors and start the car from up to 98 feet away. The exploit is also undetectable, leaving no trace after being used. The team tested the hack at a Honda dealership and recorded the results:
Congratulations on this surprisingly happy soundtrack, by the way. In the many other videos, researchers published, they can be seen using a basic radio device that users can reprogram and rewrite. The hardware is open source and VICE shows how readily available these devices are with a Hyperlink. The RF device captures the last code used by a Honda owner via the key fob and replays it. The car then accepts the old code and lets the hacker in.
To make matters worse, this exploit comes on top of Honda’s cybersecurity issues. A similar flaw was discovered in March of that year, but it dealt with fixed codes rather than rolling codes. Honda responded to these claims by saying they were false because the cars mentioned in the search used rolling codes.
So it would make sense that if the flaw was inherent in fixed code keyless entry systems, Honda cars would be immune. Yeah, well, what happens when the bug bites rolling code systems too? What is RollingPWN! When the team reported the security breach to Honda, they were basically told to kick; a Honda employee told researchers to file a report with customer service.
The team suggests a fix requires a recall of all affected vehicles, but given the number of Hondas using rolling codes, that doesn’t seem feasible. They said the next best solution is an OTA firmware fix, but many of these cars don’t support OTA. The researchers concluded by saying that more research is forthcoming, as they believe the bug affects many more vehicles, not just Hondas.
