
A duo of scientists has released a proof-of-concept (PoC) demonstrating that a malicious actor can remotely lock, unlock, and even start Honda and Acura vehicles by means of what's called a replay attack.
The attack is made possible by a vulnerability in the remote keyless system (CVE-2022-27254) that impacts Honda Civic LX, EX, EX-L, Touring, Si, and Type R models manufactured between 2016 and 2020. Credited with finding the issue are Ayyappan Rajesh, a trainee at UMass Dartmouth, and Blake Berry (HackingIntoYourHeart).
“A hacker can acquire total and unrestricted access to locking, unlocking, controlling the windows, opening the trunk, and starting the engine of the target automobile where the only method to avoid the attack is to either never ever utilize your fob or, after being compromised (which would be difficult to recognize), resetting your fob at a car dealership,” Berry said in a GitHub post.
The underlying issue is that the remote key fob on the impacted Honda vehicles sends the exact same, unencrypted radio frequency signal (433.215 MHz) to the vehicle, effectively allowing an adversary to intercept the request and replay it at a later time to wirelessly start the engine as well as lock and unlock the doors.
This is not the first time a flaw of this kind has been discovered in Honda vehicles. A related issue found in 2017 Honda HR-V models (CVE-2019-20626, CVSS score: 6.5) is said to have been “relatively neglected” by the Japanese company, Berry claimed.
“Manufacturers need to implement Rolling Codes, otherwise referred to as hopping code,” Rajesh stated. “It is a security technology frequently utilized to supply a fresh code for each authentication of a remote keyless entry (RKE) or passive keyless entry (PKE) system.”
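To show why a fixed signal can be replayed while a rolling code cannot, the following added example (not code from Honda, the researchers, or the original article) models the receiver side of both schemes. The frame layout, HMAC-SHA256 tag, key, and window size are assumptions chosen for illustration; production RKE systems use their own ciphers and formats.

```python
import hashlib
import hmac
import struct

WINDOW = 16   # assumed resync window: counters this far ahead of the last one are accepted
TAG_LEN = 8   # assumed truncated-MAC length in bytes

def make_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Fob side: 4-byte counter + command, authenticated with a truncated HMAC."""
    body = struct.pack(">I", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class StaticReceiver:
    """Models the flaw described above: one fixed frame per command, no freshness."""
    def __init__(self, known_frames):
        self.known = set(known_frames)

    def accept(self, frame: bytes) -> bool:
        return frame in self.known      # the same bytes are valid forever

class RollingReceiver:
    """Accepts a frame only if its MAC verifies and its counter moves forward."""
    def __init__(self, key: bytes, last_counter: int = 0):
        self.key, self.last = key, last_counter

    def accept(self, frame: bytes) -> bool:
        if len(frame) < 4 + 1 + TAG_LEN:
            return False                # too short to hold counter, command, tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False                # forged or corrupted frame
        counter = struct.unpack(">I", body[:4])[0]
        if not (self.last < counter <= self.last + WINDOW):
            return False                # replayed (old) or implausibly far ahead
        self.last = counter             # advance state only after full validation
        return True

def demo():
    key = b"constructed-demo-key"       # constructed sample key, not a real secret
    fixed = b"UNLOCK-FIXED"             # constructed stand-in for a static fob signal
    static_rx = StaticReceiver([fixed])
    static = [static_rx.accept(fixed), static_rx.accept(fixed)]
    rx = RollingReceiver(key)
    first = make_frame(key, 1, b"UNLOCK")
    rolling = [rx.accept(first), rx.accept(first),
               rx.accept(make_frame(key, 2, b"UNLOCK"))]
    return static, rolling

if __name__ == "__main__":
    print(demo())
```

The static receiver accepts the captured frame on every attempt, while the rolling receiver accepts it once and rejects the identical bytes afterwards.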
We have asked Honda for a comment, and we will update the story once we hear back.