Honda has been exposed to major security flaw

With the development of hacking technology and the improvement of the level of automobile intelligence, the possibility of automobiles being attacked by hackers has become more and more likely. According to The Drive, a large number of Honda vehicles have security flaws that allow hackers to unlock the cars remotely.

Older vehicles use static codes when the owner unlocks the vehicle using the keyless entry system, which is not secure because anyone can capture and re-transmit the code signal to unlock the vehicle. Based on this, manufacturers employ rolling codes to improve vehicle safety.

The rolling code works by using a pseudo-random number generator (PRNG). When the paired key fob transmits a lock or unlock signal, the key fob sends a packaged unique code to the vehicle. The vehicle then checks the code sent by the key fob against the code generated by the PRNG in its internal database, and if the code is valid, the car approves the request to lock, unlock or start the vehicle. It is worth mentioning that since the user may not be in range of the vehicle to receive the signal when he presses the key fob, the valid code will be a series of codes. When the vehicle is successfully unlocked with a valid code, in order to prevent hackers from capturing and replaying the code, its database will invalidate the previous valid code.

And because Honda didn't invalidate these used codes, hackers would be able to unlock the vehicle by capturing and replaying the code sent by the Honda's key fob , a vulnerability security personnel dubbed Rolling-PWM.

In a statement to The Drive, a Honda spokesperson said: "We have investigated similar allegations in the past and found them to lack substance. While we do not have enough information to determine whether the relevant vulnerability reports are credible, The key fobs of the aforementioned vehicles are equipped with rolling code technology, and the vulnerabilities described in the report are unlikely."

However, blogger ROB STUMPF confirmed the breach by capturing and replaying the lock and unlock signals for his 2021 Honda Accord. At the same time, ROB STUMPF said that although the car can be started and unlocked, the vulnerability does not allow the attacker to actually drive the vehicle away due to the proximity function of the key fob. Currently, the following vehicles are potentially affected by this vulnerability:

• 2012 Honda Civic

• 2018 Honda X-RV

• 2020 Honda C-RV

• 2020 Honda Accord

• 2021 Honda Accord

• 2020 Honda Odyssey

• 2021 Honda Step Up

• 2022 Honda Fit

• 2022 Honda Civic

• 2022 Honda VE-1

• 2022 Honda Breeze

In essence, any affected Honda car can be unlocked through the vulnerability, and more importantly, it is unclear whether this can be solved through an OTA update, and whether it requires a dealer to visit the door, Or if Honda will fix that.