A team of researchers has discovered a severe vulnerability affecting Honda cars, and likely those of other brands. Dubbed “Rolling PWN”, the vulnerability allows anyone to unlock the target cars and start the engine remotely.
Rolling PWN Vulnerability Allows Unlocking Honda Cars
According to a dedicated web page set up on GitHub, researchers have identified the “Rolling PWN” vulnerability, which affects almost all existing Honda cars.
The researchers, Kevin2600 and Wesley Li from Star-V Lab, discovered the vulnerability in the rolling codes mechanism implemented in Honda vehicles.
As explained, the rolling code mechanism increases the code synchronizing counter after every key press on the keyfob. This mechanism helps prevent replay attacks. However, due to the vulnerability in Honda’s mechanism, the researchers noticed a possible “resync” of the counter.
By design, the vehicle receiver accepts a sliding window of codes so that accidental key presses are tolerated. Sending commands in a consecutive sequence to a Honda vehicle resynchronizes the counter.
Thus, it becomes possible to enter the commands from the previous cycle. That means an adversary could use previous commands to unlock the target vehicle’s door, start the car engine, and perform other actions. Since this attack involves the keyless entry system, it does not require the adversary to have physical access to the target vehicle. Instead, this attack can be performed from a distance without leaving any traces.
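The following is an added example, not code from the researchers or from Honda's firmware: a simplified model of a rolling-code receiver that shows why a counter allowed to resynchronize backward accepts codes from a previous cycle, next to a receiver that never resynchronizes on out-of-window codes. The HMAC-based code format, the window size, the three-code resync rule and all names are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed secret, not a real fob key
WINDOW = 16       # assumed look-ahead window size
RESYNC_RUN = 3    # assumed: consecutive codes that trigger a resync

def fob_code(counter: int) -> bytes:
    """Toy rolling code: 4-byte counter plus truncated HMAC tag."""
    raw = counter.to_bytes(4, "big")
    return raw + hmac.new(KEY, raw, hashlib.sha256).digest()[:8]

class Receiver:
    def __init__(self, backward_resync: bool):
        self.counter = 0
        self.backward_resync = backward_resync  # True models the flaw
        self.run = []  # consecutive out-of-window counters seen so far

    def accept(self, code: bytes) -> bool:
        ctr = int.from_bytes(code[:4], "big")
        if not hmac.compare_digest(code, fob_code(ctr)):
            return False  # not produced by the paired fob
        if self.counter < ctr <= self.counter + WINDOW:
            self.counter, self.run = ctr, []  # normal forward move
            return True
        if not self.backward_resync:
            return False  # hardened: out-of-window codes never resync
        # Flawed path: a consecutive run of stale codes resynchronizes.
        consecutive = bool(self.run) and ctr == self.run[-1] + 1
        self.run = self.run + [ctr] if consecutive else [ctr]
        if len(self.run) >= RESYNC_RUN:
            self.counter, self.run = ctr, []
            return True
        return False

def replay_outcome(backward_resync: bool) -> list:
    """Owner uses codes 1-10, then codes 1-5 are presented again in order."""
    rx = Receiver(backward_resync)
    for c in range(1, 11):
        rx.accept(fob_code(c))
    return [rx.accept(fob_code(c)) for c in range(1, 6)]

if __name__ == "__main__":
    print("flawed  :", replay_outcome(True))
    print("hardened:", replay_outcome(False))
```

In the flawed model the third stale code moves the counter back, after which the remaining old codes fall inside the window again; the hardened receiver rejects all five.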
To demonstrate their findings, the researchers tested the following 10 Honda models released between 2012 and 2022.
- Honda Civic 2012
- Honda X-RV 2018
- Honda C-RV 2020
- Honda Accord 2020
- Honda Odyssey 2020
- Honda Inspire 2021
- Honda Fit 2022
- Honda Civic 2022
- Honda VE-1 2022
- Honda Breeze 2022
Nonetheless, they fear that the vulnerability potentially affects all existing Honda models. They have also shared numerous videos demonstrating the exploit.
Other Car Brands May Also Be Vulnerable
The vulnerability has received the CVE ID CVE-2021-46145. According to the researchers, this vulnerability typically resides in the rolling code mechanism, suggesting that it may also affect other car brands that deploy the same vulnerable mechanism.
For now, the researchers have not released any tools to test the vulnerability, as doing so would threaten the vehicles’ security. That’s especially important given that no workaround or fix is presently available. Therefore, the only viable solution seems to be a massive recall, alongside delivering upgraded BCM firmware to the affected cars via OTA updates.