autoevolution
 

Hackers Can Unlock Honda Cars Remotely, See if Your Vehicle Is in Danger

Modern vehicles are a lot like computers on wheels, including software vulnerabilities that could allow attackers access to the car. The frightening possibility is not unheard of, and car thieves use software vulnerabilities and hacks to steal cars all the time. Recently, researchers have found such a vulnerability in Honda’s remote locking system.
When we lock or unlock our cars using the remote, our key fob sends an encrypted signal to the vehicle containing the command. The car checks the signal against a database to validate the code and allow or deny access. The encrypted signal changes with every new command in a pre-determined sequence, so capturing and replaying the signal would not allow attackers to open the car later. At least in theory.

The database contains several allowed codes for the cases when the key fob buttons are pressed multiple times while not in the range of the car. This makes the key fob emit a signal not expected by the vehicle, although it is still a valid request. Normally, when the system receives a newer code, it should invalidate all prior codes to protect against replay attacks. But Honda cars fail to do that and instead resync the database with the older signals.

People who eavesdrop on a paired key fob can capture several codes sent. They can be replayed later, causing the database to resync with the old sequence of signals. This allows the attacker to reuse older codes that were supposed to be invalid even months after they captured them. The worst part is that Honda took a lot of time acknowledging the problem. The vulnerability was first exposed in March, and up until today, Honda refused to admit it.
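The receiver behaviour described above can be modelled in a few lines. This is an added example, not Honda's code or the researchers' tooling. It assumes a toy rolling code (a truncated HMAC of a counter), a constructed key, a 16-code look-ahead window, and a simplified rewind rule in which two consecutive stale codes move the receiver's counter back.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed secret shared by fob and car
WINDOW = 16                    # assumed look-ahead for out-of-range presses

def code_for(counter: int) -> bytes:
    """Toy rolling code: truncated HMAC of the counter (assumed scheme)."""
    msg = counter.to_bytes(4, "big")
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:8]

class Receiver:
    def __init__(self, rewind_on_stale_run: bool):
        self.counter = 0                 # counter of the last accepted code
        self.rewind = rewind_on_stale_run
        self.prev_stale = None           # counter of the last stale code seen

    def _match(self, code: bytes, lo: int, hi: int):
        for c in range(lo, hi):
            if hmac.compare_digest(code, code_for(c)):
                return c
        return None

    def receive(self, code: bytes) -> bool:
        nxt = self.counter + 1
        ahead = self._match(code, nxt, nxt + WINDOW)
        if ahead is not None:            # newer code: accept, older ones go stale
            self.counter, self.prev_stale = ahead, None
            return True
        if self.rewind:                  # modelled flaw: resync to old sequence
            stale = self._match(code, 1, nxt)
            if stale is not None and self.prev_stale == stale - 1:
                self.counter, self.prev_stale = stale, None  # counter goes back
            else:
                self.prev_stale = stale
        return False                     # a stale code itself never unlocks

def replay_outcome(rewind_on_stale_run: bool) -> list:
    car = Receiver(rewind_on_stale_run)
    presses = [code_for(c) for c in range(1, 11)]  # owner uses codes 1..10
    for code in presses:
        assert car.receive(code)
    captured = presses[:3]               # constructed capture of codes 1, 2, 3
    return [car.receive(code) for code in captured]

if __name__ == "__main__":
    print("flawed receiver:  ", replay_outcome(True))
    print("hardened receiver:", replay_outcome(False))
```

With the rewind rule enabled, the third stale code is accepted as if it were new; a receiver whose counter only moves forward rejects all three and still accepts the owner's next press.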

“We can confirm researcher claims that it is possible to employ sophisticated tools and technical know-how to mimic Remote Keyless commands and gain access to certain vehicles of ours,” wrote a Honda spokesperson in a message to Bleeping Computer. “However, while it is technically possible, we want to reassure our customers that this particular kind of attack, which requires continuous close-proximity signal capture of multiple sequential RF transmissions, cannot be used to drive the vehicle away.”

The problem is that it is not very difficult to use the Rolling-Pwn vulnerability to open a Honda. Rob Stumpf from The Drive could replicate the exploit by capturing two different key signals and replaying them on his 2021 Honda Accord using a Software-Defined Radio. The fact that the hack cannot be used to drive the car is comforting. However, random people having access to your vehicle still remains a frightening thought.

According to researcher Kevin2600, who exposed the vulnerability, all Honda vehicles might be affected. He tested the exploit on 10 popular models from the model year 2012 to the model year 2022: Honda Civic 2012, Honda X-RV 2018, Honda C-RV 2020, Honda Accord 2020, Honda Odyssey 2020, Honda Inspire 2021, Honda Fit 2022, Honda Civic 2022, Honda VE-1 2022, and Honda Breeze 2022. He strongly believes that all existing Honda vehicles are vulnerable to a Rolling-Pwn attack.

About the author: Cristian Agatie
After his childhood dream of becoming a "tractor operator" didn't pan out, Cristian turned to journalism, first in print and later moving to online media. His top interests are electric vehicles and new energy solutions.