Researchers have discovered a flaw in Honda’s motobike the means that can allow hackers Unlock the door and start the car from far away. The vulnerability has been named “RollingPWNAnd it affects all Honda models released between 2012 and 2022, according to the researchers. Honda’s motobike not overly satisfied with the findings; the Japanese automaker claims the vulnerability is “old news”, as BEHAVIOR BEHAVIOR report.
The vulnerability reveals the keyless entry system that Honda vehicles use, like Kevin26000 and Wesley Li explained in the RollingPWN report. They found this bug affects the 10 most popular Honda models, leading them to believe it affects virtually all Hondas from 2012 onwards. These Hondas use a reelthe g-code mechanism assigns different codes each time the owner uses their key fob.
Each button press sends a new code from the keypad to the car, which will (theoretically) render the old codes unusable. But Kevin2600 found that it was possible to recover these codes, retrieve the old codes and use them again to unlock doors and start the car from up to 98 feet away. The exploit is also undetected, leaving no trace after use. The team tested the hack at a Honda dealership and recorded the results:
By the way, compliment that surprisingly cheerful soundtrack. In many other videos, the researchers published, they can be seen using a basic radio device that can be reprogrammed and rewritten by the user. The hardware is open source and BEHAVIOR BEHAVIOR indicate the ease of use of these devices with hyperlink. The RF device records the last code used by the Honda owner via the key fob and plays it back. The car then accepts the old code and allows the hacker to break in.
To make matters worse, this exploit causes Honda’s cybersecurity woes. A similar vulnerability was discovered in Steps are of this year, but it handles fixed code, not scrolling code. Honda responded to those allegations by saying they were untrue because the cars mentioned in the study used rolling codes.
Therefore, it would make sense that if the flaw was fixed in the keyless entry system, then Honda cars would be immune. Well, what happens when bugs also bite roll code systems? What is RollingPWN! When the team reported the security bug to Honda, they were basically asked to throw stones; A Honda worker asked the researchers to file a report with customer service.
The team proposes a solution that would require a recall of all affected vehicles, but given the number of Hondas using rolling codes, that doesn’t seem feasible. They say the next best solution is an OTA firmware patch, but many of these cars do not support OTA. The researchers concluded by saying more studies will be needed, because they believe the bug affects more vehicles – not just Hondas.
