Security researchers have discovered a new way to remotely unlock and start several Honda models by stealing codes from the owner’s key fob.
The newly discovered bug, dubbed “Rolling-PWN”, is detailed in a new blog post from Star-V Lab. To exploit it, though, an attacker would first need to wirelessly steal the codes from the Honda owner’s key fob. However, this can be done from a distance of approximately 100 feet.
Once these codes are saved, they can be reused later to unlock older vehicles or remotely start newer ones without the owner’s knowledge. Rolling-PWN was also tested by Rob Stumpf from The Drive, who used the bug to unlock and start his Honda car.
Fortunately, an attacker cannot use the bug to drive off with your Honda because they would need the actual key fob on hand to do so.
Static Codes vs. Rolling Codes
No matter what make or model of car you have, your key fob is actually a small radio that sends codes to your car to unlock or lock it, or even to start newer car models.
While older vehicles use fixed codes that don’t change, newer cars use rolling codes that change every time a button on the key fob is pressed. Rolling-PWN works by capturing these codes and then replaying them to get into a vulnerable vehicle.
This isn’t the first time Honda key fobs have been exploited in this way. In fact, a vulnerability in 2012 Honda Civic cars (tracked as CVE-2021-46145) allows codes to be replayed to unlock them, and the same is true of a separate vulnerability (tracked as CVE-2022-27254) in 2018 Honda Civic cars.
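As an added illustration (not code from the article, Star-V Lab or Honda), the sketch below contrasts a fixed-code receiver with a rolling-code receiver that only accepts codes ahead of its counter, which is the property that should make a recorded code useless once it has been used. The HMAC derivation, the key and the WINDOW value are assumptions for the demo, not any automaker's actual scheme.

```python
import hashlib
import hmac

WINDOW = 16  # hypothetical look-ahead for presses made out of range of the car

def code_for(key: bytes, counter: int) -> bytes:
    """Fob side: derive the code for one button press (HMAC is a stand-in cipher)."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]

class FixedCodeReceiver:
    """Older design: one static code, so any captured transmission stays valid."""
    def __init__(self, code: bytes):
        self.code = code

    def accept(self, rx: bytes) -> bool:
        return hmac.compare_digest(rx, self.code)

class RollingCodeReceiver:
    """Accepts only codes ahead of the last accepted counter, never behind it."""
    def __init__(self, key: bytes):
        self.key = key
        self.last = 0

    def accept(self, rx: bytes) -> bool:
        for ctr in range(self.last + 1, self.last + 1 + WINDOW):
            if hmac.compare_digest(rx, code_for(self.key, ctr)):
                self.last = ctr  # the counter only ever moves forward
                return True
        return False  # stale (already used or skipped) or unknown code

def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample secret
    fixed = FixedCodeReceiver(b"\x01\x02\x03\x04")
    rolling = RollingCodeReceiver(key)
    captured = [code_for(key, c) for c in (1, 2, 3)]  # three recorded presses
    return {
        "fixed_first": fixed.accept(b"\x01\x02\x03\x04"),
        "fixed_replay": fixed.accept(b"\x01\x02\x03\x04"),
        "rolling_live": [rolling.accept(c) for c in captured],
        "rolling_replay": [rolling.accept(c) for c in captured],
        "rolling_skipped_ahead": rolling.accept(code_for(key, 7)),
        "rolling_skipped_behind": rolling.accept(code_for(key, 5)),
        "rolling_out_of_window": rolling.accept(code_for(key, 7 + WINDOW + 1)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A receiver that ever accepts a code at or behind its stored counter loses this replay protection, which is the class of weakness the CVEs above describe.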
A Honda spokesperson provided more details in an email to Tom’s Guide, saying:
“We can confirm the researchers’ claims that it is possible to use sophisticated tools and technical know-how to mimic Remote Keyless commands and gain access to specific vehicles or our vehicles. However, while this is technically possible, we would like to reassure our customers that this particular type of attack, which requires signal capture continuous convergence of multiple sequential RF transmissions, cannot be used to push the car away. Moreover, Honda is regularly improving safety features while introducing new models that will thwart this and similar approaches.”
Not only Honda
In their initial report on the matter, security researchers Kevin2600 and Wesley Li of Star-V Lab explained that this same bug may be present in other automakers’ cars and that’s why they named it Rolling-PWN rather than just Honda-PWN.
However, the researchers successfully tested the bug on 10 of Honda’s most popular cars from 2012 to 2022, including the following models:
- Honda Civic 2012
- Honda X-RV 2018
- Honda C-RV 2020
- Honda Accord 2020
- Honda Odyssey 2020
- Honda Inspire 2021
- Honda Fit 2022
- Honda Civic 2022
- Honda VE-1 2022
- Honda Breeze 2022
They also have reason to believe that the vulnerability affects other automakers, and they plan to release more details at a later time.
The fix probably won’t come for older models
Owners of older Hondas may not be so lucky when it comes to a fix because their cars don’t support OTA updates.
The company may roll out a patch for newer cars that will be delivered wirelessly, but since older cars lack the ability to receive these updates, they will likely still be vulnerable to Rolling-PWN.
Fortunately, this hack requires sophisticated equipment and some technical know-how, which means that not everyone will be able to replicate it. However, you may want to keep a close eye on your car, install one of the best dashboard cameras and use your physical key instead of your key fob to unlock your car in the meantime.