'Rolling PWN' vulnerability discovered that can unlock and start the engine of most Honda cars



It has been pointed out that the remote keyless entry system used in many Honda vehicles has a vulnerability called 'Rolling PWN' (CVE-2021-46145). A Rolling PWN attack that exploits this vulnerability could allow an attacker to unlock the car or start the engine remotely.

Rolling PWN
https://rollingpwn.github.io/rolling-pwn/

I Tried the Honda Key Fob Hack on My Own Car. It Totally Worked
https://www.thedrive.com/news/i-tried-the-honda-keyfob-hack-on-my-own-car-it-totally-worked





Below is a verification video by Star-V Lab, the team that discovered this vulnerability.

Rolling Pwn Honda CR-V (Star-V Lab)
https://rollingpwn.github.io/rolling-pwn/video/Demo-Video-CRV.mp4


A man gets off the CR-V and operates his key fob (Honda smart key). The blinker part of the side mirror blinks ...



It's locked.



After the man left, a suspicious device appeared.



It sends the created command...



Eventually, the blinker flashes.



The lock has been released.



The team confirmed the vulnerability in 10 models across 9 popular Honda vehicle lines from 2012 to 2022: 'Civic (2012 model, 2022 model)', 'XR-V (2018 model)', 'CR-V (2020 model)', 'Accord (2020 model)', 'Odyssey (2020 model)', 'Inspire (2021 model)', 'Fit (2022 model)', 'VE-1 (2022 model)' and 'Breeze (2022 model)'. On that basis, it estimates that all Honda cars on the market as of 2022 are affected.

Similar vulnerabilities in Honda's keyless entry system have been reported before: 'CVE-2019-20626', in which replay attacks are possible because the same RF signal is sent every time the door of the HR-V (2017 model) is unlocked, and 'CVE-2022-27254', which allows a similar replay attack on the Civic (2018 model).

Recent Honda cars implement their own rolling code mechanism to prevent fixed-code replay attacks, so it seems that these two vulnerabilities are not a concern for them. 'Rolling PWN' differs significantly in that it is related to a design defect in the rolling code mechanism itself. In addition, the name is 'Rolling PWN' rather than 'Honda PWN' because the flaw may exist in vehicles other than Honda cars.
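The difference between a fixed-code receiver and a rolling-code receiver, as an added example that is not from the original article or from Star-V Lab. The frame layout, HMAC tag, key and look-ahead window are assumptions made for illustration and do not describe Honda's actual protocol; the point is the property a sound rolling-code receiver must keep, namely that a frame it has already seen never validates again.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample secret shared by fob and car
WINDOW = 16                    # assumed look-ahead for presses made out of range

def fob_frame(counter: int, command: bytes = b"UNLOCK") -> bytes:
    """Hypothetical frame: 4-byte counter || command || 8-byte truncated HMAC."""
    body = struct.pack(">I", counter) + command
    return body + hmac.new(KEY, body, hashlib.sha256).digest()[:8]

class FixedCodeReceiver:
    """Compares against one static frame, so any recording of it replays."""
    def __init__(self, expected: bytes):
        self.expected = expected

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.expected)

class RollingCodeReceiver:
    """Accepts only authentic frames whose counter is strictly newer."""
    def __init__(self):
        self.last = 0  # highest counter accepted so far; never moves backwards

    def accept(self, frame: bytes) -> bool:
        if len(frame) < 12:
            return False
        body, tag = frame[:-8], frame[-8:]
        good = hmac.new(KEY, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, good):
            return False                      # forged or corrupted frame
        counter = struct.unpack(">I", body[:4])[0]
        if not (self.last < counter <= self.last + WINDOW):
            return False                      # replayed, stale, or too far ahead
        self.last = counter
        return True

def demo() -> dict:
    captured = fob_frame(1)                   # constructed "recorded" frame
    fixed, rolling = FixedCodeReceiver(captured), RollingCodeReceiver()
    out = {"fixed_first": fixed.accept(captured),
           "fixed_replay": fixed.accept(captured),
           "rolling_first": rolling.accept(captured),
           "rolling_replay": rolling.accept(captured)}
    for c in range(2, 6):                     # later legitimate presses
        rolling.accept(fob_frame(c))
    out["old_frame_after_presses"] = rolling.accept(captured)
    out["next_press"] = rolling.accept(fob_frame(6))
    return out
```
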

When the discoverers of the vulnerability tried to report it to Honda, there was no vulnerability report form, and a person working at Honda advised that 'it is best to contact customer service for vulnerability reports'. They contacted customer service accordingly, but it seems that there has been no reply.

in Ride,   Video,   Security, Posted by logc_nt