Honda hackers learned how to unlock cars and start them remotely

A Honda Civic lights up and chirps as researchers test the security of its keyless entry system.

Researchers have discovered a vulnerability Honda Vehicles that could allow hackers to do so unlock doors and start the cars away. The vulnerability was named “RollingPWN‘, and it affects all Honda models released between 2012 and 2022, according to the researchers. Honda is not too happy with the results; The Japanese automaker claims the bug is ‘old news’ since VICE reports.

The error stems from the keyless entry system used by Honda vehicles Kevin26000 and Wesley Li explain in the RollingPWN report. They found that the bug affects ten of the most popular Honda models, leading them to believe it affects virtually all Hondas as of 2012. These Hondas use a rolling-code mechanism that assigns different codes each time the owner uses their key fob.

Each button press sends a new code from the key fob to the car, which should (theoretically) render old codes useless. But Kevin2600 found it was possible to reverse these codes, retrieve an old one and reuse it to unlock the doors and start the car from up to 30 meters away. The exploit is also undetectable and leaves no traces after use. The team tested the hack at a Honda dealership and recorded the results:

Kudos for that unexpectedly upbeat soundtrack, by the way. In the many other videos of the researchers released, they can be seen with a simple radio that users can reprogram and rewrite. The hardware is open source and VICE shows how readily available these devices are with a hyperlink. The RF device captures and plays back the last code used by a Honda owner via the key fob. The car then accepts the old code and lets the hacker in.

To make matters worse, this exploit is piling on Honda’s cybersecurity issues. A similar bug was discovered in march of this year, but they were fixed codes rather than rolling codes. Honda responded to these allegations by saying they were untrue because the cars mentioned in the investigation used rolling codes.

So it would make sense that Honda cars would be immune if the bug was inherent in fixed-code keyless entry systems. Yeah, well, what if the bug bites rolling code systems too? RollingPWN is what! When Team Honda reported the vulnerability, they were basically told to kick rocks; A Honda employee asked the researchers to submit a report to customer service.

The team suggests a fix would require a recall of all affected vehicles, but given how many Hondas are using rolling codes, that doesn’t seem feasible. They said the next best thing is an OTA firmware patch, but many of these cars don’t support OTA. The researchers concluded by saying more research is forthcoming because they believe the fault affects many more vehicles — not just Hondas.

Image for the article titled Honda hackers have learned how to unlock cars and start them remotely