A new key fob hack could give bad actors access to any Honda vehicle released since 2012. Known as the “Rolling-Pwn” attack, the hack allows hackers to remotely steal codes linked to the Honda owners’ key fobs. The hackers can then use the stolen codes to remotely unlock the doors and start the car’s engines, researchers say.
Honda key fob hack could leave vehicles released since 2012 vulnerable
The new Honda key fob hack was first made known thanks to Star-V Lab security researchers by the names of Kevin2600 and Wesley Li. The two shared the news of the Rolling-Pwn attack in a blog post detailing how it affects vehicles from the year 2012 up to the year 2022.
The researchers say they tested the 10 most popular models of Honda vehicles from 2012 up to 2022 using the hack. Because of how many vehicles were affected, they believe that Rolling-Pwn could be used to gain access to any Honda vehicle released in the last 10 years. Considering how large of a brand Honda is, that could leave millions of people’s vehicles vulnerable to the hack.
Here’s a list of some of the vehicles the researchers tested:
- Civic 2012
- X-RV 2018
- C-RV 2020
- Accord 2020
- Odyssey 2020
- Inspire 2021
- Fit 2022
- Civic 2022
- VE-1 2022
- Breeze 2022
It could affect other vehicles too
The new Honda key fob hack works by taking advantage of the vehicle’s rolling code system. This system is used in keyless entry systems to prevent replay attacks. However, the receiver is designed to accept a sliding window of codes, according to the researchers. This helps avoid issues with accidental key presses.
For safety reasons the researchers didn’t reveal exactly how the key fob hack works. However, they did share some concerning news. While the fact that it could affect all Honda vehicles since 2012 is scary enough, it could also be used to gain access to other brands of vehicles. That’s because many vehicles use a similar rolling code system for their keyless entry system.
You can see the hack in action in the original blog detailing the discovery. There’s currently an assigned CVE for the issue. The researchers also note that it’s almost impossible to detect if someone has used the Honda key fob hack against you, as it doesn’t leave traces in the traditional log files.
As such, anyone with a Honda vehicle may be at risk. In the meantime, it may be worth not leaving valuables inside your car until the issue is resolved.
Read: U-Haul hack: Names and driver’s licenses exposed in data breach