Honda Hackers Learned How to Unlock and Remotely Start Cars
Researchers have discovered a vulnerability in Honda vehicles that could allow hackers to unlock doors and start the cars remotely. The security flaw has been named “RollingPWN,” and it affects all Honda models released between 2012 and 2022, according to the researchers. Honda is none too pleased with the findings; the Japanese carmaker claims the flaw is “old news,” as VICE reports.
The flaw traces to the keyless entry system Honda cars use, as Kevin26000 and Wesley Li explain in the RollingPWN report. They found the bug affects ten of the most popular Honda models, which leads them to believe it affects virtually all Hondas from 2012 onward. These Hondas use a rolling code mechanism that assigns different codes every time owners use their key fob.
Each button press sends a new code from the key fob to the car, which should (theoretically) render old codes unusable. But Kevin2600 found that it’s possible to roll back these codes, retrieve an old one and reuse it to unlock the doors and start the car from a distance of up to 98 feet. The exploit is also undetectable, leaving no trace after being used. The team tested the hack at a Honda dealership, and recorded the results:
Kudos for that unexpectedly happy soundtrack, by the way. In the many other videos the researchers published, they can be seen using a basic radio device users can reprogram and rewrite. The hardware is open source, and VICE shows how easily available these devices are with a hyperlink. The RF device captures the last code used by a Honda owner via the key fob and replays it. The car then accepts the old code, and lets the hacker in.
To make matters worse, this exploit heaps on to Honda’s cybersecurity woes. A similar flaw was discovered in March of this year, but it dealt with fixed codes rather than rolling codes. Honda responded to those allegations by saying they were untrue because the cars mentioned in the research used rolling codes.
It would make sense, then, that if the flaw was inherent in fixed code keyless entry systems, then Honda cars would be immune. Yeah, well, what happens when the bug bites rolling code systems, too? RollingPWN is what! When the team reported the security flaw to Honda, they were basically told to kick rocks; a Honda worker told the researchers to file a report with customer service.
The team suggests a solution requires a recall of all affected vehicles, but given how many Hondas use rolling codes, that doesn’t seem feasible. They said the next best solution is an OTA firmware patch, but many of these cars don’t support OTA. The researchers concluded by saying more research is coming, because they believe the bug affects many more vehicles — not just Hondas.