This is something the carmaker will have to look into immediately.
Security researchers have found a huge problem with Honda's keyless entry system. It could allow hackers to unlock and start all Honda vehicles on the market today, including the Honda Civic. The software is called a 'Rolling-Pwn' attack and was discovered by Star-V Lab researchers Wesley Li and Kevin2600. Effectively, the hack exploits Honda's keyless entry system to start the car. It does so by transmitting the proper authentication codes between the car and the key fob.
We've seen this before with Honda. And earlier this year a 19-year-old hacked 25 Teslas from all over the world. The F-150 Lightning was, up until recently, extremely vulnerable to Bluetooth hacks. Some have even used it as an anti-Putin propaganda tool.
Star-V notes this kind of attack can be prevented by a car's rolling-codes mechanism. That's a system that is designed to prevent reply attacks (a type of hack) by providing a new code for each authentication attempt by a remote key fob. Evidently, it does not do that properly.
The attack "eavesdrops" on a paired keyfob, capturing codes sent by the fob. Then, the attacker can replay a sequence of valid codes and re-sync the car's Pseudorandom Number Generator (PRNG). As a result, a hacker can use codes from earlier that otherwise wouldn't work. These systems are secure because they almost never use the same code twice (as a result of the PRNG). With the hack, not only will the system take an old code, but it'll use it to start the car.
As of now, the hack has been tested on a wealth of Honda models. The Honda Civic from 2012, a 2020 Accord, and a 2022 Fit were all successfully hacked. Reportedly, the hack also allows you to drive the vehicle as if the key is inside. Right now, it's unclear whether that means the car can then keep driving without the key.
For now, Honda has not issued a public statement regarding the hack. Should Honda classify it as a legitimate threat, a recall will likely have to be issued. Given the breadth of models covered, this hack could also necessitate an entirely new build for Honda's keyless entry systems- a very, very expensive proposition.
Acura
Alfa Romeo
Aston Martin
Audi
Automobili Pininfarina
Bentley
BMW
Bollinger
BrightDrop
Bugatti
Buick
Cadillac
Caterham
Chevrolet
Chrysler
Dodge
Ferrari
Fiat
Fisker
Ford
Genesis
GMC
Gordon Murray Automotive
Hennessey
Honda
Hyundai
Ineos Automotive
Infiniti
Jaguar
Jeep
Karma
Kia
Koenigsegg
Lamborghini
Land Rover
Lexus
Lincoln
Lordstown
Lotus
Lucid Motors
Maserati
Mazda
McLaren
Mercedes-Benz
Mini
Mitsubishi
Nissan
Pagani
Polestar
Porsche
Ram
Rimac
Rivian
Rolls-Royce
Spyker
Subaru
Tesla
Toyota
VinFast
Volkswagen
Volvo
Join The Discussion