According to experts, hackers steal Honda cars – attackers are able to remotely open doors and start car engines using a vulnerability in the keyless entry system.
The researchers named the vulnerability RollingPWN and said that all cars manufactured by Honda between 2012 and 2022 are affected.
You might also be interested to know what Unusual YTStealer Malware Targets YouTubers are.
The description of the RollingPWN attack on Github says that the problem lies in a vulnerable version of the rolling codes mechanism, which is used in almost all modern Honda models.
The vulnerability itself (CVE-2021-46145) lies in non-expiring rolling codes and counter resynchronization. As soon as the counter is resynchronized, the codes from the previous cycle begin to work, which can be exploited by attackers.
The experts successfully tested the attack on the 10 most popular Honda car models from 2012 to 2022, including:
- Honda Civic 2012
- Honda X-RV 2018
- Honda C-RV 2020
- Honda Accord 2020
- Honda Odyssey 2020
- Honda Inspire 2021
- Honda Fit 2022
- Honda Civic 2022
- Honda VE-1 2022
- Honda Breeze 2022
Despite all the accusations and evidence, Honda denies the existence of RollingPWN.
The experts also noted that it is impossible to detect traces of an attack using the vulnerability, since it leaves no entries in the logs. In order not to become a victim of such an attack, the researchers recommend updating the vulnerable firmware of the key fob and placing it in a Faraday cage for prevention. If you have already become a victim of RollingPWN, then you should immediately contact the dealership and reset the key fob.
Recall that not only Honda suffers from hackers. This year, researchers have found many vulnerabilities in Tesla electric vehicles. Vulnerabilities in the Bluetooth LE protocol and Tesla key cards allowed attackers to enter the interior of an electric car and start the engine.
Leave a Comment