A researcher has uploaded proof-of-concept (PoC) films demonstrating how an attacker may remotely open the doors and start the engine of a Honda automobile.
The attack is conceivable because to a remote keyless system vulnerability (CVE-2022-27254) that appears to affect all Honda Civic (LX, EX, EX-L, Touring, Si, and Type R) cars produced between 2016 and 2020.
The problem is that commands to unlock/lock doors, open the boot, or start the engine remotely all use the same unencrypted radio frequency (RF) signal, according to Ayyappan Rajesh, a student at the University of Massachusetts Dartmouth.
As a result, a man-in-the-middle attacker may listen in on the request and then utilise it to launch a replay attack.
Basically, if an attacker is near a vulnerable vehicle, they can capture the car owner’s remote signal to open and start the vehicle wirelessly, and then repeat the identical activity on their own.
The problem, on the other hand, is not new. In fact, researchers first discovered the possibility of such attacks in 2017, and in 2019 a CVE identifier was provided (tracked as CVE-2019-20626).
“A hacker can acquire total and limitless access to locking, unlocking, manipulating the windows, opening the trunk, and starting the engine of the target vehicle,” according to one researcher.
Despite the fact that CVE-2019-20626 has been demonstrated to affect a variety of Honda vehicle models, the researcher alleges that the carmaker has continued to use the vulnerable technology in production.
According to the researcher, assaults can be avoided if users don’t use their RF fobs and Honda uses a “rolling code” system, in which a new code is created each time the user presses the fob’s button, providing a more secure authentication mechanism.
“Honda has not independently confirmed the information provided by this researcher and is unable to confirm whether its vehicles are vulnerable to this type of attack.” Honda has no plans to update older vehicles at this time, according to a Honda spokeswoman.
“At this point, it appears that the devices only work in close vicinity or while physically linked to the target car,” the spokesman stated, “requiring local receipt of radio signals from the vehicle owner’s key fob when the vehicle is opened and started nearby.”
Even if an attacker uses this technique to remotely unlock a car’s door and start the engine, they won’t be able to drive it away until “a legitimate key fob with a separate immobiliser chip is present in the vehicle, lowering the possibility of vehicle theft,” according to Honda.
“There is no evidence that the claimed door lock vulnerability has resulted in the ability to drive an Acura or Honda vehicle,” the representative said.