Security News
Security vulnerabilities discovered in Honda's e-commerce platform could have been exploited to gain unrestricted access to sensitive dealer information. "Broken/missing access controls made it possible to access all data on the platform, even when logged in as a test account," security researcher Eaton Zveare said in a report published last week.
Honda's e-commerce platform for power equipment, marine, lawn & garden, was vulnerable to unauthorized access by anyone due to API flaws that allow password reset for any account. For Honda, Eaton Works exploited a password reset API to reset the password of valuable accounts and then enjoy unrestricted admin-level data access on the firm's network.
On Thursday, a security researcher who goes by Kevin2600 published a technical report and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles. Kevin2600, who works for cybersecurity firm Star-V Lab, dubbed the attack RollingPWN. In a phone call, Kevin2600 explained that the attack relies on a weakness that allows someone using a software-defined radio, such as HackRF, to capture the code that the car owner uses to open the car, and then replay it so that the hacker can open the car as well.
A team of security researchers found that several modern Honda car models have a vulnerable rolling code mechanism that allows unlocking the cars or even starting the engine remotely. Called Rolling-PWN, the weakness enables replay attacks where a threat actor intercepts the codes from the keyfob to the car and uses them to unlock or start the vehicle.
A duo of researchers has released a proof-of-concept demonstrating the ability for a malicious actor to remote lock, unlock, and even start Honda and Acura vehicles by means of what's called a replay attack. The attack is made possible, thanks to a vulnerability in its remote keyless system that affects Honda Civic LX, EX, EX-L, Touring, Si, and Type R models manufactured between 2016 and 2020.
If you're driving a Honda Civic manufactured between 2016 and 2020, this newly reported key fob hijack should start your worry engine. Their research suggests that Honda Civic LX, EX, EX-L, Touring, Si, and Type R vehicles manufactured between 2016 and 2020 all have this vulnerability.
Researchers have disclosed a 'replay attack' vulnerability affecting select Honda and Acura car models, that allows a nearby hacker to unlock your car and even start its engine from a short distance. Honda owners may be able to take some action to protect themselves against this attack.
Owners of Honda cars of a certain age - apparently somewhere between 10 and 16 years old - have spent the first few days of the New Year reporting a weird "Millennium bug style" problem. Apparently, for many cars that are a decade or so old, New Year's Day 2022 was ushered in with their in-car clocks.
Honda and Acura cars have been hit with a Year 2022 bug, aka Y2K22, that resets the navigation system's clock to January 1st, 2002, with no way to change it. Starting on January 1st, the date on Acura and Honda navigation systems would automatically change to January 1st, 2002, with the time resetting to 12:00, 2:00, 4:00, or other times based on the model or possibly the region where the car is located.
Multistage targeted ransomware attacks against critical infrastructure, designed to maximize damage and recovery costs, are increasingly common. The attack was captured by Cybereason's 2020 honeypot research.