Tuesday, September 27, 2022

This remote keyfob hack could leave Honda’s past decade vulnerable

Shreya Christina

Security researchers and The ride's Rob Stumpf have recently posted videos of themselves unlocking and remotely starting several Honda vehicles using portable radios, despite the company's insistence that the cars have security protections intended to stop attackers from doing just that. According to the researchers, this hack is made possible by a vulnerability in the keyless entry system in many Hondas made between 2012 and 2022. They named the vulnerability Rolling-PWN.

The basic concept for Rolling-PWN is similar to attacks we’ve seen before against VWs and Teslas, as well as against other devices; using radio equipment, someone picks up a legitimate radio signal from a key fob and then transmits it back to the car. It’s called a replay attack, and if you think it should be possible to defend against this kind of attack with some sort of cryptography, you’re right. In theory, many modern cars use a so-called ‘rolling key’ system, which basically means that each signal only works once; you press the button to unlock your car, your car will be unlocked and that exact signal should never unlock your car again.

But as Jalopnik points out, not every recent Honda has that level of protection. Researchers have also found vulnerabilities where surprisingly recent Hondas (particularly 2016 to 2020 Civics) use an unencrypted signal that does not change. And even those that do have a rolling code system — including the 2020 CR-V, Accord and Odyssey, Honda tells Vice — could be vulnerable to the recently discovered attack. Rolling-PWN's website has videos of the hack being used to unlock those rolling-code vehicles, and Stumpf was able to… well, pretty much pwn a 2021 Accord with the exploit, enabling the engine remotely and then unlocking it.

Honda told The ride that the security systems it puts in its key fobs and cars “would not allow the vulnerability as depicted in the report” to work. In other words, the company says the attack shouldn't be possible — but it's clear it somehow is. We asked the company for comment on The ride's demonstration, which was published Monday, but it did not immediately respond.

According to the Rolling-PWN website, the attack works because it's able to resync the car's code counter, meaning the car accepts old codes. Basically, because the system is built to have some tolerance (so you can still use your keyless entry even if the button is pressed once or twice while you are away from the car, and the car and the remote control remain in sync), the security system can be disabled. The site also claims it affects “all Honda vehicles currently on the market,” but admits it has only been tested in a handful of model years.
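The rolling-code idea and the tolerance window described above can be modeled in a few lines. This is an added example, not code from the Rolling-PWN researchers or from Honda: the key, the window size, the HMAC-based code derivation and the `FlawedReceiver` resync logic are all assumptions, chosen to contrast a counter that only moves forward with one that a resync can move backward.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed shared secret, not a real fob key
WINDOW = 16                    # assumed look-ahead tolerance for missed presses

def code(counter: int) -> bytes:
    """Fob side: one-time code for a counter (HMAC is a stand-in cipher)."""
    msg = counter.to_bytes(4, "big")
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:8]

class Receiver:
    """Accepts only codes ahead of the last accepted counter, within WINDOW."""
    def __init__(self):
        self.last = 0

    def _match(self, rx: bytes, lo: int, hi: int):
        for c in range(lo, hi + 1):
            if hmac.compare_digest(rx, code(c)):
                return c
        return None

    def accept(self, rx: bytes) -> bool:
        c = self._match(rx, self.last + 1, self.last + WINDOW)
        if c is None:
            return False
        self.last = c  # forward only: every skipped code is burned
        return True

class FlawedReceiver(Receiver):
    """Hypothetical flaw: the resync search also looks behind the counter."""
    def accept(self, rx: bytes) -> bool:
        c = self._match(rx, max(1, self.last - WINDOW), self.last + WINDOW)
        if c is None:
            return False
        self.last = c  # counter can roll back, so old codes are valid again
        return True

def demo(receiver) -> list:
    captured = code(1)                        # first press, seen on the air
    results = [receiver.accept(captured)]     # legitimate use
    receiver.accept(code(4))                  # presses 2 and 3 missed the car
    results.append(receiver.accept(code(3)))  # stale, skipped code
    results.append(receiver.accept(captured)) # replay of the first press
    return results

if __name__ == "__main__":
    print("forward-only:", demo(Receiver()))
    print("flawed resync:", demo(FlawedReceiver()))
```

The property to check in a receiver is monotonicity: no accepted message, including a resync, may leave the stored counter lower than it was.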

Even more worryingly, the site suggests other makes of cars are also affected, but is vague on the details. While it makes me nervous about my Ford, it's probably a good thing – if the security researchers follow standard responsible disclosure procedures, they should contact automakers and give them a chance to address the issue before details are made public. According to Jalopnik, the researchers contacted Honda but were told to file a report with customer service (which is not exactly standard security practice).

