Security News > 2022 > March > Honda bug lets a hacker unlock and start your car via replay attack
Researchers have disclosed a 'replay attack' vulnerability affecting select Honda and Acura car models, that allows a nearby hacker to unlock your car and even start its engine from a short distance.
Honda owners may be able to take some action to protect themselves against this attack.
This week, multiple researchers disclosed a vulnerability that can be used by a nearby attacker to unlock some Honda and Acura car models, and start their engines wirelessly.
The vulnerability, tracked as CVE-2022-27254, is a Man-in-the-Middle attack or more specifically a replay attack in which an attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates these signals, and re-sends these at a later time to unlock the car at will.
In 2020, Berry had reported a similar flaw affecting the following Honda and Acura models but alleged that Honda ignored his report and "Continued to implement 0 security measures against this very simple 'replay/replay and edit' attack."
Note, in their statement to us, Honda explicitly mentions it has not verified the information reported by the researchers and cannot confirm if Honda's vehicles are actually vulnerable to this type of attack.
News URL
Related news
- Chinese hackers targeted sanctions office in Treasury attack (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Subaru Starlink flaw let hackers hijack cars in US and Canada (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-23 | CVE-2022-27254 | Authentication Bypass by Capture-replay vulnerability in Honda Civic 2018 Firmware The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626. | 5.3 |