U.S. markets close in 4 hours 32 minutes

  • S&P 500

    3,861.70
    +7.27 (+0.19%)
     

  • Dow 30

    31,298.59
    +124.75 (+0.40%)
     

  • Nasdaq

    11,389.82
    +17.22 (+0.15%)
     

  • Russell 2000

    1,738.73
    +6.72 (+0.39%)
     

  • Crude Oil

    96.75
    -7.34 (-7.05%)
     

  • Gold

    1,730.60
    -1.10 (-0.06%)
     

  • Silver

    18.98
    -0.16 (-0.82%)
     

  • EUR/USD

    1.0072
    +0.0030 (+0.30%)
     

  • 10-Yr Bond

    2.9080
    -0.0830 (-2.77%)
     

  • GBP/USD

    1.1905
    +0.0013 (+0.11%)
     

  • USD/JPY

    136.6410
    -0.7790 (-0.57%)
     

  • BTC-USD

    19,929.41
    -447.91 (-2.20%)
     

  • CMC Crypto 200

    426.36
    -1.01 (-0.24%)
     

  • FTSE 100

    7,213.97
    +17.38 (+0.24%)
     

  • Nikkei 225

    26,336.66
    -475.64 (-1.77%)
     

Honda key fob flaw lets hackers remotely unlock and start cars

Carly Page
·3 min read

The hackers demonstrating the radio replay attack using a vulnerable Honda keyfob. Honda said it could not determine if the attack was "credible." Image Credits: Star-V Lab

Security researchers have revealed a vulnerability in Honda’s keyless entry system that could allow hackers to remotely unlock and start potentially "all Honda vehicles currently existing on the market."

The “Rolling-Pwn” attack, uncovered by Star-V Lab security researchers Kevin2600 and Wesley Li, exploits a vulnerability in the way Honda’s keyless entry system transmits authentication codes between the car and the key fob. It works in a similar way to the recently discovered Bluetooth replay attack affecting some Tesla vehicles; using easily purchasable radio equipment, the researchers were able to eavesdrop and capture the codes, then broadcast them back to the car in order to gain access.

This allowed the researchers to remotely unlock and start the engines of cars affected by the vulnerability, which includes models from as far back as 2012 and as recent as 2022. But according to The Drive, which independently tested and verified the vulnerability on a Honda Accord 2021, the key fob flaw doesn't allow an attacker to drive off with the vehicle.

As noted by the researchers, this kind of attack should be prevented by the vehicle's rolling codes mechanism — a system introduced to prevent replay attacks by providing a new code for each authentication of a remote keyless entry. Vehicles have a counter that checks the chronology of the generated codes, increasing the count when it receives a new code.

Kevin2600 and Wesley Li found that the counter in Honda vehicles is resynchronized when the car vehicle gets lock and unlock commands in a consecutive sequence, causing the car to accept codes from previous sessions that should have been invalidated.

By sending the commands in a consecutive sequence to the Honda vehicles, it will be resynchronizing the counter,” the researchers write. “Once counter resynced, commands from the previous cycle of the counter worked again. Therefore, those commands can be used later to unlock the car at will.”

The researchers say they tested their attack on several Honda models, including the Honda Civic 2012, Honda Accord 2020, and Honda Fit 2022, but warn that the security vulnerability could affect "all Honda vehicles currently existing on the market" and may also affect other manufacturers’ cars.

The security researchers say they attempted to contact Honda about the vulnerability but found that the company “does not have a department to deal with security-related issues for their products.” As such, they reported the issue to Honda customer service but have not yet received a response.

TechCrunch also did not receive a response from Honda, but in a statement to The Drive, the company insisted that the technology in its key fobs "would not allow the vulnerability as represented in the report."

"We’ve looked into past similar allegations and found them to lack substance," a Honda spokesperson said. "While we don’t yet have enough information to determine if this report is credible, the key fobs in the referenced vehicles are equipped with rolling code technology that would not allow the vulnerability as represented in the report. In addition, the videos offered as evidence of the absence of rolling code do not include sufficient evidence to support the claims."

As noted by the security researchers, if Honda was to acknowledge the flaw, fixing it would be difficult due to the fact that older vehicles don’t support over-the-air (OTA) updates. Worryingly, the researchers also warned there’s no way to guard against the hack and no way to determine if it happened to you.

New Bluetooth attack can remotely unlock Tesla vehicles and smart locks

Recommended Stories

  • Volkswagen, Audi tap Redwood Materials to recycle its old EV batteries in US

    Volkswagen of America and Audi have locked in a resurrection plan for old battery packs from its growing slate of EVs. The two VW Group brands have contracted with startup Redwood Materials to recover and recycle end-of-life EV battery packs from its 1,000-dealership network in the United States. Instead, Redwood will bring the packs to its Carson City, Nevada factory, where more than 95% of the metals found in these batteries — including nickel, cobalt, lithium and copper — will be recovered and used to remanufacture anode and cathode components.

  • 2023 Honda CR-V Gets a Handsome Redesign, New Sport Trims for Hybrid

    The sixth-gen compact SUV is larger, better-equipped, and more attractive inside and out. It's available in EX, EX-L, Sport, and Sport Touring versions.

  • 2023 Honda CR-V gets bigger, meaner and greener

    Honda's redesigned 2023 CR-V is poised to take on the likes of the Toyota RAV4 and Nissan Rogue in the high-volume compact crossover segment.

  • Tesla’s Giga Berlin is only building black or white cars: Report

    According to Automotive News European sister site Automobilwoche, Tesla’s Giga Berlin plant is only making Model Y SUVs in two colors: black or white.

  • Boeing CEO threatens to cancel 737 Max 10 as key deadline looms

    David Calhoun told Aviation Week that Boeing is willing to walk away from the plane if the alternative is to make costly design changes.

  • Ford Having Some Really Bad Luck With Its Vehicles

    Ford Motor Co. would probably like to hide under the hood of its vehicles lately, but that might not be such a good idea with the all bad luck the automaker has faced with its vehicles. Mich., company on July 8 issued a safety recall of a total of 100,689 of its 2020-2022 Corsair, Escape and Maverick vehicles with 2.5 liter HEV/PHEV engines because of an under hood fire hazard, according to a statement it sent to UPI. "Ford is issuing a safety recall for certain vehicles with 2.5-liter HEV/PHEV engine because in the event of an engine failure, significant quantities of engine oil and/or fuel vapor may be released into the under hood environment and may migrate to and/or accumulate near ignition sources resulting in potential under hood fire, localized melting of components, or smoke," Ford said in the statement.

  • Tesla Stock Vs. BYD Stock: China EV Dives On Rumors Warren Buffett Selling Stake

    Tesla stock vs. BYD stock: BYD has seized Tesla's EV crown. But the EV giant dived on reports that Warren Buffett is selling some shares.

  • UPDATE 1-Walmart to electrify its delivery fleet with Canoo EVs

    Walmart Inc has struck a deal with Canoo Inc to buy 4,500 electric vehicles as part of the U.S. retailer's goal to achieve net-zero emissions by 2040. Shares of Canoo jumped about 37% in trading before the bell, after Walmart said on Tuesday that it also had an option to purchase up to 10,000 units as it electrifies its delivery fleet. In June, Walmart said it was expanding transportation pilots with the manufacturers of electric, hydrogen and natural gas-powered vehicles, including Cummins Inc and Daimler Truck's Freightliner.

  • Is Ford Stock A Buy Or Sell After June Sales Buck Industry Trend?

    Ford Motor began the new decade with optimism as it emerged to compete in the era of smart vehicles and clean energy. The Ford Mustang Mach-E, an all-electric crossover, made its commercial debut in the U.S. in late 2020. Ford is beginning production of the Mach-E, a competitor to the Tesla Model Y, in China as well.

  • Tesla Rival Rivian Considers a Major Move

    The young manufacturer of electric vehicles wants to reduce its costs in full increase in production rates.

  • The battle to reinvent Rolls-Royce

    Rolls-Royce chairman Anita Frew is busy interviewing the last few candidates to succeed Warren East as the jet engine maker attempts to put a torrid few years in the rear-view mirror.

  • Electric vehicles: What Ford’s Mustang Mach-E offers drivers

    Yahoo Finance auto reporter Pras Subramanian reviews the Mustang Mach-E, Ford's electric vehicle made to compete with Tesla.

  • Walmart to electrify its delivery fleet with Canoo EVs

    Shares of Canoo jumped about 37% in trading before the bell, after Walmart said on Tuesday that it also had an option to purchase up to 10,000 units as it electrifies its delivery fleet. Financial terms of the deal were not disclosed. In June, Walmart said it was expanding transportation pilots with the manufacturers of electric, hydrogen and natural gas-powered vehicles, including Cummins Inc and Daimler Truck's Freightliner.

  • More Likely to 5X First: General Motors Vs Ford

    General Motors (NYSE: GM) and Ford Motor (NYSE: F) have co-existed throughout American automotive history like chocolate and vanilla in your favorite ice cream parlor. Although General Motors and Ford share similarities, their different strategies to pursue growth in electric vehicles could make one a superior long-term investment to the other. Ford's pulled no punches, bringing its three most popular models to the EV market, including the Mustang (Mach-E), F-150 Series (F-150 Lightning), and Ford Transit Van (E-Transit).

  • Rivian Stock Tumbles Amid Report Of Looming Layoffs; Is RIVN Stock A Buy?

    EV startup Rivian is working through growing pains, amid rising raw material costs and chip shortages. Is Rivian stock a buy?

  • Taiga Begins Deliveries of its Orca Electric Personal Watercraft

    Taiga Motors Corporation (TSX: TAIG) ("Taiga" or the "Company"), a leading electric off-road vehicle manufacturer, today announced it initiated deliveries of its Orca™ personal watercraft. Taiga's 2022 Orca marks its world's first electric personal watercraft sale, as the Company continues to ramp up production, furthering its legacy of being a pioneer in the electric powersports industry.

  • Not ready for an electric car? These future models could make you change your mind.

    If you consider yourself an electric car holdout, think again. Manufacturers are creating futuristic EV models that could turn heads and hearts into converts.

  • Fact check: Electric vehicles put no strain on power grid, experts say

    The claim that electric vehicles put a damaging strain on the power grid is false. Read to learn more about misinformation surrounding electric cars.

  • Tesla Is Getting Into the Used-Car Business

    Tesla doesn’t just make cars. “Trade-in your current vehicle for a new Tesla Enter your VIN to receive an estimate for your trade-in.” Tesla (ticker: TSLA) didn’t respond to a request for comment.

  • Low Inventory and EV Sales Fuel Changes in How Americans Buy Cars

    Empty dealer lots, above-sticker prices and online sales—supply-chain issues and a shift toward electric vehicles have accelerated changes in the car-buying process. We visit a car dealer to see how consumers and sellers are adapting and what changes might be here to stay. Photo: Adam Falk/The Wall Street Journal