Click to Skip Ad
Closing in...

Every Honda since 2012 could be vulnerable to this untraceable key fob hack

Updated Sep 14th, 2022 6:46PM EDT
honda logo
Image: Honda

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

A new key fob hack could give bad actors access to any Honda vehicle released since 2012. Known as the “Rolling-Pwn” attack, the hack allows hackers to remotely steal codes linked to the Honda owners’ key fobs. The hackers can then use the stolen codes to remotely unlock the doors and start the car’s engines, researchers say.

Honda key fob hack could leave vehicles released since 2012 vulnerable

The new Honda key fob hack was first made known thanks to Star-V Lab security researchers by the names of Kevin2600 and Wesley Li. The two shared the news of the Rolling-Pwn attack in a blog post detailing how it affects vehicles from the year 2012 up to the year 2022.

The researchers say they tested the 10 most popular models of Honda vehicles from 2012 up to 2022 using the hack. Because of how many vehicles were affected, they believe that Rolling-Pwn could be used to gain access to any Honda vehicle released in the last 10 years. Considering how large of a brand Honda is, that could leave millions of people’s vehicles vulnerable to the hack.

Here’s a list of some of the vehicles the researchers tested:

  • Civic 2012
  • X-RV 2018
  • C-RV 2020
  • Accord 2020
  • Odyssey 2020
  • Inspire 2021
  • Fit 2022
  • Civic 2022
  • VE-1 2022
  • Breeze 2022

It could affect other vehicles too

car key fobImage source: Apple Inc.

The new Honda key fob hack works by taking advantage of the vehicle’s rolling code system. This system is used in keyless entry systems to prevent replay attacks. However, the receiver is designed to accept a sliding window of codes, according to the researchers. This helps avoid issues with accidental key presses.

For safety reasons the researchers didn’t reveal exactly how the key fob hack works. However, they did share some concerning news. While the fact that it could affect all Honda vehicles since 2012 is scary enough, it could also be used to gain access to other brands of vehicles. That’s because many vehicles use a similar rolling code system for their keyless entry system.

You can see the hack in action in the original blog detailing the discovery. There’s currently an assigned CVE for the issue. The researchers also note that it’s almost impossible to detect if someone has used the Honda key fob hack against you, as it doesn’t leave traces in the traditional log files.

As such, anyone with a Honda vehicle may be at risk. In the meantime, it may be worth not leaving valuables inside your car until the issue is resolved.

Read: U-Haul hack: Names and driver’s licenses exposed in data breach

Josh Hawkins has been writing for over a decade, covering science, gaming, and tech culture. He also is a top-rated product reviewer with experience in extensively researched product comparisons, headphones, and gaming devices.

Whenever he isn’t busy writing about tech or gadgets, he can usually be found enjoying a new world in a video game, or tinkering with something on his computer.