Honda Civics vulnerable to remote unlock, start hack • The Register
If you drive a Honda Civic manufactured between 2016 and 2020, this recently reported keychain hijacking should start your engine of concern.
Keyless access exploits are nothing new. Anyone armed with the appropriate equipment can smell a lock or unlock code and transmit it again. This particular problem with some Honda vehicles is just the latest demonstration that carmakers have not adapted their technology to keep up with known threats.
This weakness of security marked CVE-2022-27254, was discovered by Ayapan Rajesh, a student at the University of Massachusetts Dartmouth, and someone with the HackingIntoYourHeart handle. Theirs research pointed out that all Honda Civic LX, EX, EX-L, Touring, Si and Type R vehicles manufactured between 2016 and 2020 have this vulnerability.
According to the duo, who thanked Professors Hong Liu and Ruolin Zhou and mentor Sam Curry, “different Honda vehicles send the same, unencrypted radio frequency signal each time they open, close a door, open the trunk and remotely start.” This allows the attacker to eavesdrop on the request and carry out a repeat attack. “
The GitHub page, created for the vulnerability, hosts three separate videos to prove the concept, showing their results. In essence, it has been shown that you can wait for a nearby owner to open or start your vehicle wirelessly, record this signal over the air, and later transmit this data again to perform the same action for yourself.
The attackers needed only a few readily available components to carry out their attack: a laptop, GNURadio development tools, Gqrx software-defined radio (SDR) software, access to the FCCID.io website, and HackRF One SDR. The only price associated with the attack (other than owning a laptop) is buying HackRF Onewhich retails in the mid-$ 300 range. All software used in the attack is free and open source.
The CVE page mentions another vulnerability, CVE-2019-20626the same vulnerability found in Honda HR-V vehicles from 2017 that Paraguayan security researcher Victor Casares demonstrated in a 2019 Medium publication.
An unrelated but similar problem in the 2012 Honda Civics allows a a similar attack, but for a different reason: non-expiring mobile code and resynchronizing the counter. This is also not just a problem for Honda. In 2016 The register reported on an experiment in which researchers cloned a Volkswagen keychain and managed to use it to potentially unlock 100 million vehicles.
Researchers involved in the latest finding said vehicle owners do not have much protection as long as manufacturers continue to use static codes. The barcodes that change each time you press a button are “a security technology typically used to provide a new code for each remote keyless access system (RKE) or passive keyless entry (PKE) authentication. This may interest you : MediaTek launches Kompanio 900T 5G chipset for tablets, notebooks, Telecom News, ET Telecom. , “Said the researchers.
Speaking of PKE systems, researchers say they are a significant improvement over RKE systems. Instead of relying on a broadcast fob, the vehicle itself is constantly looking for a passive RF fob, such as a door key card, and once closed enough, the car automatically unlocks. The necessary close proximity makes this attack far more complicated.
After all, researchers say the only way to alleviate the problem if you’re a victim is to go to the dealer and have them reset the keychain. When it comes to prevention, researchers are returning to the basics: put your keys in a Faraday bag.
We asked Honda for comment. ®