Nuked Security researchers and the drive’s Rob Stumpf have posted videos of themselves unlocking and remotely starting several Honda vehicles using handheld radios. The vulnerability is made possible because of a vulnerability in the keyless entry system in many hondas made between 2012 and 2022.
Using radio equipment, someone records a legitimate radio signal from a key fob, then broadcasts it back to the car. In theory, many modern cars use what’s called a rolling key system, basically making it so that each signal will only work once. You press the button to unlock your car, your car unlocks, and that exact signal should n’t ever unlock their car again.
Many new hondas have a vulnerability that allows someone to unlock and start the car without its keys. It’s been dubbed’rolling pwn’.
Researchers have found vulnerabilities where recent hondas used an unencrypted signal that does n’t change. Even those that do have rolling code systems – including the 2020 CR-V, accord, and odyssey – may be vulnerable.
Honda told the drive that the security systems it puts in its key fobs and cars’would not allow the vulnerability as represented in the report’s report’. We’ve asked the company for comment on the drive’s demonstration, which was published on Monday, but it did n’t immediately reply.
The rolling-pwn site claims that it’s only tested on a handful of models. The site also claims that that it affects’all Honda vehicles currently existing on the market’.
