Researchers recently discovered a flaw that might let hackers remotely unlock and start a variety of Honda car models. Ten of Honda’s most well-known vehicles are among the models at risk. Even worse, according to the latest research, the vulnerability might exist in all Honda vehicles produced between 2012 and 2022.
The security vulnerability, known as RollingPWN, takes advantage of a feature in Honda’s keyless entry system. Each time the owner pushes the fob button, the entry system uses a rolling code model to generate a new entry code. To prevent replay attacks, earlier codes should be rendered useless once they have been used. Instead, researchers Wesley Li and Kevin2600 found that the old codes could be rolled back and used to gain unauthorized access to the car.
Ladies and gentlemen, it is my honor to present to you the Rolling-Pwn attack research on Honda Keyfob system. (https://t.co/UqJEJofxtr) pic.twitter.com/3ZccqfJrUa — Kevin2600 (@Kevin2600) July 7, 2022
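The replay protection a rolling-code receiver is supposed to enforce, as described above, can be sketched as follows. This is an added example, not code from the researchers, TechSpot or Honda, and it is not Honda's actual scheme: the HMAC-based code format, the 16-press look-ahead window, the key and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 16  # assumed look-ahead for presses made out of range of the car


def fob_code(key: bytes, counter: int) -> bytes:
    """Fob side: 4-byte counter followed by a truncated HMAC over it."""
    msg = struct.pack(">I", counter)
    return msg + hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Receiver:
    """Car side: accepts a code only if it moves the counter forward."""

    def __init__(self, key: bytes):
        self.key = key
        self.last = 0  # highest counter accepted so far

    def accept(self, code: bytes) -> bool:
        if len(code) != 12:
            return False
        counter = struct.unpack(">I", code[:4])[0]
        if not hmac.compare_digest(code, fob_code(self.key, counter)):
            return False  # forged or corrupted frame
        if not self.last < counter <= self.last + WINDOW:
            return False  # replayed (old) or implausibly far ahead
        self.last = counter  # commit only after every check passes
        return True


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample secret
    car = Receiver(key)
    captured = [fob_code(key, n) for n in (1, 2, 3)]  # codes an eavesdropper saw
    legit = [car.accept(c) for c in captured]
    skipped = car.accept(fob_code(key, 6))  # presses 4 and 5 were out of range
    replays = [car.accept(c) for c in captured]  # old codes sent again
    stale = car.accept(fob_code(key, 5))  # skipped code is now behind the counter
    return {"legit": legit, "skipped": skipped, "replays": replays,
            "stale": stale, "counter": car.last,
            "next": car.accept(fob_code(key, 7))}


if __name__ == "__main__":
    print(demo())
```

The property to test for in a receiver is that no input, valid or not, ever moves the stored counter backwards; the flaw reported above is a failure of exactly that property.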
The vulnerability was investigated across a variety of Honda cars from 2012 through 2022. The list of test cars that are affected includes:
- Honda Civic 2012
- Honda XR-V 2018
- Honda CR-V 2020
- Honda Accord 2020
- Honda Odyssey 2020
- Honda Inspire 2021
- Honda Fit 2022
- Honda Civic 2022
- Honda VE-1 2022
- Honda Breeze 2022
Fixing the vulnerability can be as difficult as finding the exploit. Honda could fix the issue by sending out an over-the-air (OTA) software update, but many of the affected vehicles don’t support it. A recall scenario is unlikely because so many more vehicles could be affected.
Research is still being done to find out how widespread the vulnerability is. Given the nature of the attack, Li and Kevin2600 have a strong suspicion that other automakers may also be affected by the problem.
Source: TechSpot