Honda And Acura Replay Attack Lets Hackers Remotely Unlock And Start These Cars
The researchers posted videos demonstrating the use of a radio transceiver to lock, unlock, and remote start a 10th generation (2016-2021) Honda Civic. The videos serve as proof of the capacity for hackers to exploit a vulnerability in Honda’s remote keyless system. The vulnerability is listed in the National Vulnerability Database (NVD) as CVE-2022-27254.
Honda’s remote keyless system sends the same radio frequency (RF) code for each request, rather than employing a rolling code technique that changes the code after every request. As a result, Hondas and Acuras are open to replay Man-in-the-Middle (MitM) attacks, where a nearby attacker intercepts the RF codes sent by the remote keyless system and later uses them to lock, unlock, or remote start the car. If Honda’s remote keyless system used rolling codes, then a code intercepted by an attacker could not be re-used, but, since the codes are fixed, an attacker can re-transmit an intercepted code and successfully lock, unlock, or remote start the target vehicle.
A Honda spokesperson told BleepingComputer that it has not verified these vulnerabilities, but that if the company’s vehicles are vulnerable, “Honda has no plan to update older vehicles at this time.” The spokesperson added that “It's important to note, while Honda regularly improves security features as new models are introduced, determined and technologically sophisticated thieves are also working to overcome those features.” The spokesperson also pointed out that this hack is relatively sophisticated compared to other means that thieves can use to access vehicles and requires thieves to be within close proximity of a vehicle while the owner is using the remote keyless system.