Security News > 2022 > March > Honda bug lets a hacker unlock and start your car via replay attack
Researchers have disclosed a 'replay attack' vulnerability affecting select Honda and Acura car models, that allows a nearby hacker to unlock your car and even start its engine from a short distance.
Honda owners may be able to take some action to protect themselves against this attack.
This week, multiple researchers disclosed a vulnerability that can be used by a nearby attacker to unlock some Honda and Acura car models, and start their engines wirelessly.
The vulnerability, tracked as CVE-2022-27254, is a Man-in-the-Middle attack or more specifically a replay attack in which an attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates these signals, and re-sends these at a later time to unlock the car at will.
In 2020, Berry had reported a similar flaw affecting the following Honda and Acura models but alleged that Honda ignored his report and "Continued to implement 0 security measures against this very simple 'replay/replay and edit' attack."
Note, in their statement to us, Honda explicitly mentions it has not verified the information reported by the researchers and cannot confirm if Honda's vehicles are actually vulnerable to this type of attack.
News URL
Related news
- North Korean govt hackers linked to Play ransomware attack (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-23 | CVE-2022-27254 | Authentication Bypass by Capture-replay vulnerability in Honda Civic 2018 Firmware The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626. | 5.3 |