Honda key fob flaw allows hackers to remotely unlock, start certain vehicles
A security flaw recently uncovered by security researchers may allow hackers to remotely unlock and start several Honda vehicles made in the past decade.
The attack, dubbed "Rolling Pwn," involves a vulnerability in the keyless entry system of many Honda vehicles made between 2012 and 2022. A pair of Star-V Lab security researchers claim to have first discovered the bug, posting several videos of themselves unlocking and remotely starting various Honda vehicles in a recent report.
Rob Stumpf, an automotive journalist at The Drive, later independently tried the Honda key fob hack on his own car — a 2021 Honda Accord — and succeeded in unlocking and starting it.
Honda confirmed the researchers’ claims of the vulnerability in a statement to FOX Television Stations, saying it’s possible to gain access to certain vehicles produced by the automaker with "sophisticated tools and technical know-how."
Honda key fob hack: How does it work?
Modern vehicles are often equipped with a keyless entry system, which allows the car to be unlocked and started remotely. When a person presses the unlock button on a paired key fob, the fob sends a unique code wirelessly to the vehicle, according to The Drive.
Older vehicles used fixed codes for the keyless entry into the vehicle. But since any individual can access and replay a static code to lock and unlock the car, this kind of mechanism is "inherently vulnerable," the automotive news website reports.
And so, vehicle manufacturers later introduced a "rolling code" mechanism in keyless entry systems to beef up the security, including in many Honda vehicles, the Star-V Lab security researchers wrote in the report. Each button press on the key fob sends a new code to the vehicle.
If the key fob button is pressed a few times while away from the car, the vehicle tolerates a "window" of the next several codes as part of the rolling mechanism so that fob and vehicle stay in sync, The Drive notes.
"When a vehicle receives a newer code, it typically invalidates all previous codes to protect against replay attacks," The Drive states.
But the so-called "Rolling Pwn" hack, which the researchers called "a serious vulnerability," allows hackers to essentially eavesdrop on a paired key fob and capture these codes using radio equipment, according to the report and The Drive.
The researchers discovered that it’s possible to replay a sequence of older codes that would normally be invalid and gain entry to the vehicle from nearly 100 feet away, the report says.
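To make the mechanism described above concrete, here is a toy simulation added as an example (it is not code from The Drive, Star-V Lab or Honda): the fob derives each code from a shared key and a press counter, and the receiver accepts only codes ahead of its counter inside a look-ahead window, so a single replayed code is rejected. The `resync_on_run` switch, the window size and the run length are assumptions that model the flaw as "a run of consecutive older codes moves the counter backwards"; the page does not describe Honda's actual receiver logic.

```python
import hashlib, hmac
WINDOW = 16  # missed presses the receiver tolerates before it desyncs (assumed value)
def make_code(key: bytes, counter: int) -> bytes:
    # Fob side: derive the over-the-air code from the shared key and the press counter
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]

class Receiver:
    # Vehicle side. resync_on_run=True is a simplified model of the flaw in the story:
    # a run of consecutive stale codes is accepted and drags the counter backwards.
    def __init__(self, key: bytes, resync_on_run: bool = False, run_len: int = 3):
        self.key, self.counter = key, 0
        self.resync_on_run, self.run_len = resync_on_run, run_len
        self.run = []  # consecutive stale counters seen so far (flawed mode only)
    def lookup(self, code: bytes, lo: int, hi: int):
        # Return the counter in [lo, hi) whose code matches, or None
        for c in range(lo, hi):
            if hmac.compare_digest(make_code(self.key, c), code):
                return c
        return None
    def receive(self, code: bytes) -> bool:
        # Correct path: only a code strictly ahead of the counter, inside the window, is valid;
        # accepting it invalidates every code at or below the new counter (replay protection)
        c = self.lookup(code, self.counter + 1, self.counter + 1 + WINDOW)
        if c is not None:
            self.counter, self.run = c, []
            return True
        if not self.resync_on_run:
            return False  # hardened receiver stops here: a stale code is never accepted
        # Flawed path (model): stale codes are remembered; run_len consecutive ones resync
        stale = self.lookup(code, max(0, self.counter - 64), self.counter + 1)
        if stale is None or (self.run and stale != self.run[-1] + 1):
            self.run = []
        if stale is not None:
            self.run.append(stale)
        if len(self.run) >= self.run_len:
            self.counter, self.run = stale, []
            return True
        return False
def demo(resync_on_run: bool):
    # Three presses overheard near the car, a gap absorbed by the window, then replays
    key = b"constructed-demo-key"
    rx = Receiver(key, resync_on_run)
    captured = [make_code(key, n) for n in (1, 2, 3)]  # presses 1..3, within earshot
    for code in captured:
        assert rx.receive(code)
    assert rx.receive(make_code(key, 7))  # presses 4..6 out of range; 7 is inside the window
    single = rx.receive(captured[0])         # one replayed stale code
    seq = [rx.receive(c) for c in captured]  # the overheard sequence, in order
    return single, seq[-1]  # (one stale code accepted?, the sequence accepted?)
```

The hardened receiver returns `(False, False)`: neither a lone stale code nor the captured sequence is accepted, while the flawed model returns `(False, True)`, which is the behaviour the researchers describe.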
The security researchers said they successfully tested the hack on 10 popular Honda models from 2012 to 2022, sharing several videos of the tests. They also specifically identified the following vehicles that may be affected by the vulnerability:
- Honda Civic 2012
- Honda X-RV 2018
- Honda C-RV 2020
- Honda Accord 2020
- Honda Odyssey 2020
- Honda Inspire 2021
- Honda Fit 2022
- Honda Civic 2022
- Honda VE-1 2022
- Honda Breeze 2022
In Honda’s statement, the spokesperson noted that while this hack is "technically possible," it wants to reassure customers that "this particular kind of attack, which requires continuous close-proximity signal capture of multiple sequential (radio frequency) transmissions, cannot be used to drive the vehicle away."
"Furthermore, Honda regularly improves security features as new models are introduced that would thwart this and similar approaches," the statement concluded.
The Star-V Lab security researchers, who were identified as Kevin2600 and Wesley Li, suggested that a solution would require bringing the vehicle back to a local dealership as a recall — which may be challenging, given how many Honda vehicles use a rolling code mechanism.
Another strategy would be an over-the-air (OTA) update, if feasible. However, the team noted that some older vehicles may not support OTA updates.
This story was reported from Cincinnati.