Security News > 2022 > July > Hackers can unlock Honda cars remotely in Rolling-PWN attacks
A team of security researchers found that several modern Honda car models have a vulnerable rolling code mechanism that allows unlocking the cars or even starting the engine remotely.
Called Rolling-PWN, the weakness enables replay attacks where a threat actor intercepts the codes from the keyfob to the car and uses them to unlock or start the vehicle.
The keyless entry system in modern cars rely on rolling codes produced by a pseudorandom number generator algorithm to ensure that unique strings are used each time the keyfob button is pressed.
The rolling code mechanism was introduced to prevent fixed code flaws that enabled man-in-the-middle replay attacks like the one we covered in March, which is still exploitable in older models.
The vulnerability is tracked as CVE-2021-46145 and is described as an issue "Related to a non-expiring rolling code and counter resynchronization" in the keyfob subsystem in Honda.
"The key fobs in the referenced vehicles are equipped with rolling code technology that would not allow the vulnerability as represented in the report," stated Honda.
News URL
Related news
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (source)
- Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (source)
- REvil hacker behind Kaseya ransomware attack gets 13 years in prison (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-06 | CVE-2021-46145 | Authentication Bypass by Capture-replay vulnerability in Honda Civic 2012 The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. | 2.9 |