December 8, 2023

Researchers published a proof of concept for a vulnerability in Honda’s remote keyless system.

A video has been posted by the researchers demonstrating by using radio transceiver to lock, unlock, and remote start a 10th generation (2016-2021)  Honda Civic. The videos serve as proof of the capacity for hackers to exploit a vulnerability in Honda’s remote keyless system. The vulnerability is listed in the National Vulnerability Database as CVE-2022-27254.

Advertisements

Honda’s remote keyless system sends the same radio frequency code for reach request, rather than employing a rolling code technique that changes the code after every request. Hondas and Acuras are open to replay MitM attacks, where a nearby attacker intercepts the RF codes sent by the remote keyless system and later uses them to lock, unlock, or remote start the car.

If Honda’s remote keyless system used rolling codes, then a code intercepted by an attacker could not be re-used, but, since the codes are fixed, an attacker can re-transmit an intercepted code and successfully lock, unlock, or remote start the target vehicle. 

This vulnerability has appeared before in the NVD under two different CVE identifiers. CVE-2019-20626 dates back to 2019 and pertains to the 2017 Honda HR-V. The other CVE identifer, CVE-2021-46145, was registered in the NVD after a researcher published a proof of concept for an exploit of the vulnerability on a 2012 Honda Civic.

Blake Berry, brought the vulnerability and published a video in previous instances demonstrating the exploit on a 2016 Honda Accord and confirmed that it worked on a 2009 Acura TSX, a 2018 Honda Civic Hatchback, and a 2020 Honda Civic LX.

Advertisements

Honda has no plan to update older vehicles at this time. It regularly improves security features as new models are introduced, attackers are also working to overcome those features. Since this hack is relatively sophisticated compared to other means that attackers can use to access vehicles and requires to be within close proximity of a vehicle while the owner is using the remote keyless system

Honda statement

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d