Posted on July 14, 2022 at 4:52 AM
Security researchers have discovered a major vulnerability that allows hackers to remotely unlock and start cars. The hackers demonstrated the radio replay attack through a bogus Honda key fob. Honda stated that he couldn’t determine whether the attack was “credible.”
The vulnerability was revealed in Honda’s keyless entry system that may enable hackers to potentially start “all Honda vehicles currently existing on the market.” The attack was discovered by security researchers at Star-V Lab, Wesley Li, and Kevin2600.
The vulnerability was exploited in the way the Honda keyless entry system is used to transmit authentication codes between the car and the key fob. It also acts like the Bluetooth replay attack, which was recently discovered in some Tesla vehicles. It uses easily purchasable radio equipment, where the researchers can eavesdrop and capture the codes before broadcasting them to the car to compromise the system and have access to the car.
The researchers, through the bug, were able to unlock the car and start its engine remotely. The models affected by this vulnerability include both recent 2022 models and those from as far back as 2012. The Drive tested the bug on a Honda Accord 2021 model. They discovered that the fob key does not enable the threat actor to drive off with the vehicle, despite the initial access to start the car.
The Car’s Rolling Codes System Could Prevent The Bug
The researchers stated that the flaw could be prevented by the rolling codes system of the vehicle. The mechanism was introduced to prevent replay attacks by providing a new code for each remote keyless entry authentication.
Vehicles are equipped with a counter that monitors the chronology of the generated codes, which increases the counts when it receives a new code.
The researchers discovered that the offset in the Honda vehicles is resynchronized when the cars use to lock and unlock commands via a successive sequence. This made the vehicle accept codes from past sessions that should have been invalidated.
The researchers added that the counter s resynchronized “by sending the commands in a consecutive sequence to the Honda vehicles.”
After the commands are resynched, the commands from the past circles can be used again on the vehicle. As a result, the hacker can use the command to later unlock the vehicle at any time.
The researchers stated that the vulnerability was tested on several Honda models, including Honda Fit 2022, Honda Accord 2020, and Honda Civic 2012. They added that at the moment the vulnerability can impact all types of Honda vehicles in the market as well as some other manufacturers’ cars.
Honda Says The Attack Is Technically Possible
Wesley Li and Kevin2600 said they wanted to contact Honda about the flaw, but discovered that the firm does not have a department that deals strictly with issues of vulnerability. As a result, the issue was reported to Honda’s customer service, but it has not yet received a reply.
However, Honda spokesperson, Chris Naughton, while commenting on the development, told The Drive that the technology was initially inserted in the key fob, and would not enable the flaw represented in the report.
But the spokesperson later stated that the firm confirmed that claims that it’s still possible for hackers to deploy advanced tools and technical know-how to impersonate Remote Keyless commands to have access to some car models, including Honda.
Although gaining access to the car’s system is technically possible, Chris said the type of hack that could expose the system will require several things to go right before it succeeds. It requires steady close-proximity signal capture of several sequential RF transmissions.
The hacker will also encounter a lot of issues driving the vehicle even after gaining access. Additionally, Chris noted that Honda always provides updates to its security features, especially on new models. These features are equipped with highly countering mechanisms that thwart this type of security threat and other approaches.
Although the firm is not planning to provide security updates to older models, redesigned 2022 and 2023 models have been equipped with an improved system that can prevent this type of attack, the researcher added.