Honda and Acura Replay Attack lets hackers unlock and start these cars remotely

We can sometimes forget how integrated computers are in our lives beyond standard computing devices such as phones, laptops, and desktops. The hacking of computer systems beyond these devices can be a stark reminder of the ubiquity of computer systems. Just last week, a hacker stole 400 gallons of fuel from a gas station in North Carolina. This week, a group of cybersecurity researchers released a proof of concept for a vulnerability in Honda’s remote keyless system.

Researchers have released videos showing the use of a radio transceiver to remotely lock, unlock and start a 10th generation (2016-2021) Honda Civic. The videos serve as evidence of the hackers’ ability to exploit a vulnerability in Honda’s remote keyless system. The vulnerability is listed in the National Vulnerability Database (NVD) as CVE-2022-27254.

Honda’s remote keyless system sends the same radio frequency (RF) code for each request, rather than using a rolling code technique that changes the code after each request. As a result, Hondas and Acuras are open to Man-in-the-Middle (MitM) replay attacks, where a nearby attacker intercepts RF codes sent by the remote keyless system and later uses them to lock, unlock or remote start the car. If Honda’s remote keyless system used rolling codes, a code intercepted by an attacker could not be reused, but, since the codes are fixed, an attacker could retransmit an intercepted code and successfully lock, unlock or start the target vehicle from a distance.
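The difference between fixed and rolling codes described above, as an added example that is not code from the researchers or from Honda: a simplified Python model in which the rolling code is a counter authenticated with a truncated HMAC. That construction, the key, the code values and the class names are assumptions made for illustration, not any vendor's protocol.

```python
import hashlib
import hmac

def make_tag(key: bytes, command: str, counter: int) -> bytes:
    """Truncated HMAC over command and counter (constructed scheme, not a vendor protocol)."""
    msg = command.encode() + counter.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class FixedCodeReceiver:
    """The flaw described above: each command maps to one code that never changes."""
    def __init__(self, codes: dict):
        self.codes = codes
    def accept(self, frame: bytes):
        for command, code in self.codes.items():
            if hmac.compare_digest(frame, code):
                return command
        return None

class RollingCodeFob:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0
    def press(self, command: str):
        self.counter += 1  # every press yields a frame that has never been sent before
        return command, self.counter, make_tag(self.key, command, self.counter)

class RollingCodeReceiver:
    def __init__(self, key: bytes, window: int = 16):
        self.key, self.last_counter, self.window = key, 0, window
    def accept(self, frame):
        command, counter, tag = frame
        # Reject counters at or below the last accepted one (a replay) and
        # counters too far ahead to be a plausible run of missed presses.
        if not self.last_counter < counter <= self.last_counter + self.window:
            return None
        if not hmac.compare_digest(tag, make_tag(self.key, command, counter)):
            return None
        self.last_counter = counter
        return command

def demo() -> dict:
    fixed = FixedCodeReceiver({"unlock": b"\x01" * 8, "lock": b"\x02" * 8})  # constructed codes
    recorded_fixed = b"\x01" * 8  # the frame an eavesdropper would have recorded
    key = b"constructed-demo-key"
    fob, car = RollingCodeFob(key), RollingCodeReceiver(key)
    recorded_rolling = fob.press("unlock")
    return {"fixed_first": fixed.accept(recorded_fixed),
            "fixed_replay": fixed.accept(recorded_fixed),
            "rolling_first": car.accept(recorded_rolling),
            "rolling_replay": car.accept(recorded_rolling)}
```

The receiver's window lets the fob stay in sync after presses made out of range, while any frame the car has already accepted is refused.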

As far as we know, this vulnerability has already appeared in the NVD under two different Common Vulnerabilities and Exposures (CVE) identifiers. CVE-2019-20626 dates back to 2019 and relates to the 2017 Honda HR-V. The other CVE ID, CVE-2021-46145, was registered in the NVD after a researcher published a proof of concept for an exploit of the vulnerability on a 2012 Honda Civic. Blake Berry, a member of the group that brought the vulnerability back to light this week, also previously posted a video demonstrating the exploit on a 2016 Honda Accord and confirmed that it worked on a 2009 Acura TSX, a 2018 Honda Civic Hatchback and a 2020 Honda Civic LX. However, Berry assumes that all Honda and Acura vehicles that use Honda’s remote keyless system are vulnerable.

A Honda spokesperson told BleepingComputer that they have not checked for these vulnerabilities, but if the company’s vehicles are vulnerable, “Honda has no plans to update older vehicles for the moment.” The spokesperson added that “it is important to note that while Honda regularly improves security features as new models are introduced, determined and technologically sophisticated thieves also strive to overcome these features.” The spokesperson also pointed out that this hack is relatively sophisticated compared to other means thieves can use to gain access to vehicles and requires thieves to be near a vehicle while the owner is using the remote keyless system.
