Security researchers have found a new way to remotely unlock and even start many Honda car models by stealing codes from an owner’s key fob.
The newly discovered bug, dubbed “Rolling-PWN”, has been detailed in a new blog post from Star-V Lab. In order to exploit it, though, an attacker would first need to wirelessly steal the codes from a Honda owner’s key fob. However, this can be done from almost 100 feet away.
Once these codes are saved, they can be reused later to unlock older vehicles or to remotely start newer ones without an owner’s knowledge. Rolling-PWN has also been tested by Rob Stumpf from The Drive who used the bug to unlock and start his Honda.
Fortunately, the bug can’t be used by an attacker to drive off with your Honda as they would need the actual key fob in hand to do so.
Static codes vs rolling codes
Regardless of which make or model of car you have, your key fob is actually a tiny radio that sends codes to your vehicle to unlock/lock it or even to start newer car models.
While older vehicles use static codes that don’t change, newer cars use rolling codes that change each time the key fob is pressed. Rolling-PWN works by capturing static codes and then replaying them to gain access to a vulnerable car.
This isn’t the first time that Honda’s key fobs have been used in this way. In fact, a vulnerability in Honda Civic 2012 vehicles (tracked as CVE-2021-46145) allows codes to be replayed to unlock them and this also the case with a separate vulnerability (tracked as CVE-2022-27254) in Honda Civic 2018 vehicles.
A Honda spokesperson provided further details in an email to Tom’s Guide, saying:
“We can confirm researcher claims that it is possible to employ sophisticated tools and technical know-how to mimic Remote Keyless commands and gain access to certain vehicles or ours. However, while it is technically possible, we want to reassure our customers that this particular kind of attack, which requires continuous close-proximity signal capture of multiple sequential RF transmissions, cannot be used to drive the vehicle away. Furthermore, Honda regularly improves security features as new models are introduced that would thwart this and similar approaches.”
Not just Hondas
In their initial report on the matter, security researchers Kevin2600 and Wesley Li from Star-V Lab explained that this same bug may exist in other automaker’s vehicles which is why they dubbed it Rolling-PWN instead of just Honda-PWN.
Still though, the researchers successfully tested the bug out on 10 of the most popular Honda vehicles from 2012-2022, including the following models:
- Honda Civic 2012
- Honda X-RV 2018
- Honda C-RV 2020
- Honda Accord 2020
- Honda Odyssey 2020
- Honda Inspire 2021
- Honda Fit 2022
- Honda Civic 2022
- Honda VE-1 2022
- Honda Breeze 2022
They also have reason to believe that the vulnerability affects other car manufacturers with plans to release more details at a later date.
A fix likely isn’t coming for older models
Owners of older Honda vehicles may be out of luck when it comes to a fix as they don’t support over the air (OTA) updates.
The company may roll out a patch for newer model cars that will be delivered wirelessly but as older cars lack the capacity to receive these updates, they’ll likely still be vulnerable to Rolling-PWN.
Thankfully, this hack requires sophisticated equipment and some technical know-how which means that replicating it won’t be possible for everyone. However, you may want to keep a closer eye on your vehicle, install one of the best dash cams and use your keys as opposed to your key fob to unlock your car in the meantime.
