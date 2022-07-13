Today we have seen that virtually any device or product can be hacked, such as a Tesla car. But this is something that has happened again with several of the most modern models that can be purchased from Honda, which A vulnerability has been detected that allows the vehicle to be opened remotely and even start your engine.

This has been a really large study that has exploited the Rolling-PWN weakness that allows to reproduce the attacks in which the codes of the key of a car are intercepted. Without a doubt, it is something quite common today, since it can be difficult to see a car that requires a physical key to open it.

Hacking the opening of a car is possible

In these vehicles where the opening of the vehicles is done remotely and it is not even necessary to insert the key in any location, rolling codes are used which will ensure a unique number is used when you press the open button. In order to ensure that they are completely random, a algorithm that will generate the pseudorandom numbers.

Formerly this was not so, since fixed codes were used. But in the end these could be removed by brute force, being a really serious security problem. However, now it is possible to know that the use of random numbers are also not completely perfect and that in Honda they are going to have several problems.





These vehicles have a counter that will verify the chronology of the generated codes, although non-chronological codes are also accepted. In this way, security researchers were able to know that this counter resynchronize when receiving lock/unlock commands in consecutive sequences. As a result, codes from a previous session will be accepted, although theoretically they would no longer be valid. And this is something that some journalists have managed to record to show that a specialist could enter your vehicle with the necessary equipment.

Specifically, an attacker only needs radio equipment that captures a sequence of codes and can reproduce them at a later time to unlock the vehicle and start it. And it will not matter when it is played, since if the codes have been captured, the attacker will be able to act in months. And this is because previous sessions are not invalidated, which should be correct.

I was able to replicate the Rolling Pwn exploit using two different key captures from two different times. So, yes, it definitely works. https://t.co/ZenCB3vX5z pic.twitter.com/RBAO7ZtlXZ — Rob Stumpf (@RobDrivesCars) July 10, 2022

And although these researchers have wanted to inform Honda of this problem, the brand has stated that it is not true. Honda states that this is something not credible, and despite the fact that there are videos that demonstrate these facts, it does not seem that a solution will come. At the moment what is known is that this attack has been successfully tested on the following vehicles:

Honda Civic 2012

Honda X-RV 2018

Honda C-RV 2020

2020 Honda Accord

Honda Odyssey 2020

Honda Inspire 2021

Honda Fit 2022

Honda Civic 2022

Honda VE-1 2022

Honda Breeze 2022

