Honda, The Power of Dreams And Rolling Code Implementations
Hope You Don’t Have A Honda … Alternatively; What’s A Security Department?
10 out of 10 tested Honda models agree: anyone can remotely unlock or start them if they just keep trying, and Honda doesn't seem to plan to do anything about it. The researcher who discovered this vulnerability tried to contact Honda's security department before releasing their process but found that no such entity exists to be contacted. They then tried regular customer support services, but after several weeks without a response they felt they needed to let the world know.
The problem lies in how Honda set up their remote access fobs, which are used to unlock and start their cars. The signals sent can be eavesdropped with a software-defined radio on an SBC like a Raspberry Pi, and the codes captured. To verify the authenticity of the fob sending the signal, the system also uses a synchronization counter, which needs to match the one on the receiver in the car. Unfortunately, after capturing enough pairing signals, and taking advantage of the way Honda ensures accidental keypresses do not unsync the fob from the car, an attacker is able to reset that sync counter.
At that point the attacker knows both the sync counter's value for the receiver and at least one valid code which grants the ability to remotely unlock and start the car. All they need to do is send the code they captured on a loop until the sync counter matches what it should be for the known unlock code to get access to the car.
The only good news is that the captured code will only work once; not much comfort to someone watching their car drive away without them. There is also the fact you could simply repeat the process from scratch to regain access to that same vehicle.
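The receiver-side counter check described above can be modelled in a few lines. This is an added example, not Honda's code or the researcher's: a simplified receiver whose resync rule either lets the counter move backwards or only forwards. The frame layout (counter plus HMAC tag), `KEY`, `WINDOW` and `RESYNC_RUN` are assumptions made for the model.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample secret, not a real fob key
WINDOW = 16      # assumed look-ahead that tolerates accidental key presses
RESYNC_RUN = 3   # assumed number of consecutive frames that triggers a resync

def frame(counter, key=KEY):
    """Fob side: a frame is the counter plus a truncated HMAC over it."""
    tag = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]
    return counter, tag

class Receiver:
    def __init__(self, allow_rollback=False, key=KEY):
        self.key, self.allow_rollback = key, allow_rollback
        self.counter = 0   # highest counter accepted so far
        self.run = []      # consecutive out-of-window counters seen

    def accept(self, fr):
        counter, tag = fr
        if not hmac.compare_digest(tag, frame(counter, self.key)[1]):
            return False                       # not from the paired fob
        if self.counter < counter <= self.counter + WINDOW:
            self.counter, self.run = counter, []
            return True                        # fresh code inside the window
        # Out of window: track a run of consecutive counters for resync.
        consecutive = self.run and counter == self.run[-1] + 1
        self.run = self.run + [counter] if consecutive else [counter]
        if len(self.run) >= RESYNC_RUN:
            newest, self.run = self.run[-1], []
            # Weak rule moves the counter anywhere; hardened rule only forward.
            if self.allow_rollback or newest > self.counter:
                self.counter = newest
        return False                           # resync frames never unlock

def old_frame_accepted(receiver):
    """Use frames 1..5 legitimately, then present the recorded frames 1..4."""
    recorded = [frame(c) for c in range(1, 6)]
    assert all(receiver.accept(f) for f in recorded)
    for f in recorded[:3]:
        receiver.accept(f)                     # consecutive already-used frames
    return receiver.accept(recorded[3])

if __name__ == "__main__":
    print("weak receiver accepts used frame:", old_frame_accepted(Receiver(True)))
    print("hardened receiver accepts used frame:", old_frame_accepted(Receiver(False)))
```

The hardened receiver still resynchronizes after many out-of-range presses, because unused frames with a higher counter move it forward; only the rollback is refused.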
Honda cars have been found to be severely vulnerable to a newly published Rolling PWN attack, letting you remotely open the car doors or even start the engine. So far it’s only been proven on Hondas, but ten out of ten models that [kevin2600] tested were vulnerable, leading him to conclude that all Honda vehicles on the market can probably be opened in this way.