Security researchers have found a vulnerability in the remote keyless entry (RKE) system of Honda vehicles that can be exploited by hackers to permanently unlock the car and even start the vehicle remotely.
(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)
The vulnerability, called ‘Rolling-PWN’, affects all Honda vehicles currently sold in the market (between 2012 to 2022), according to the team of researchers from Star-V Lab.
The “Rolling-PWN” attack exploits Honda’s RKE system as it transmits authentication codes between the car and the key fob. The researchers were able to capture the codes using radio equipment and then send them back to the car in order to gain access.
The exploitation does not even leave any traces in traditional log files and therefore the vehicle owners cannot detect if someone has used this against them. This threat should be taken seriously, the research report noted.
The 10 most popular models of Honda vehicles tested include Honda Civic 2012, Honda X-RV 2018, Honda C-RV 2020, Honda Accord 2020, Honda Odyssey 2020, Honda Inspire 2021, Honda Fit 2022, Honda Civic 2022, Honda VE-1 2022 and Honda Breeze 2022.
Although the main focus for this research was Honda cars, the researchers are said to have leads that show the bug exists in other car manufacturers.