Honda Car Vulnerability Enables Remote Start and Unlock
Cybersecurity experts have discovered that certain Honda and Acura car models are vulnerable to a bug that allows a nearby attacker to unlock the vehicle and even start its engine using a replay attack. This type of attack is not new: a hacker can intercept signals sent from the key fob to the car and then replay them to gain control over the vehicle’s remote access system without the actual key.
Which Models Are Affected?
According to researchers, this issue mainly affects Honda Civic models from 2016 to 2020 (including LX, EX, EX-L, Touring, Si, and Type R). The equipment needed for the attack is not particularly complex; the experts used a HackRF One SDR, a laptop, an account on FCCID.io, access to Gqrx SDR software, and the GNU Radio toolkit.
Technical Details of the Vulnerability
The vulnerability, identified as CVE-2022-27254, is a type of Man-in-the-Middle (MitM) attack, specifically a replay attack. The researchers published details and a demonstration video on GitHub showing remote engine start. The team included cybersecurity experts Ayyappan Rajesh, Blake Berry, Sam Curry (Head of Security at Cybereason), and professors from the University of Massachusetts Dartmouth.
On GitHub, the researchers explain that intercepted commands can be replayed to achieve various results. For example, in one test, Berry recorded a “Lock” command sent from the key fob, which consisted of specific bits: 653-656, 667-668, 677-680, 683-684, 823-826, 837-838, 847-850, 853-854. He reversed these bits and resent them to the car, which resulted in unlocking the vehicle.
Previous Vulnerabilities and Manufacturer Response
Interestingly, in 2020, Berry reported a similar vulnerability (CVE-2019-20626) affecting several Honda and Acura models. At that time, he stated that Honda ignored his report and did not implement any security measures against this simple attack. The affected vehicles included:
- 2009 Acura TSX
- 2016 Honda Accord V6 Touring Sedan
- 2017 Honda HR-V
- 2018 Honda Civic Hatchback
- 2020 Honda Civic LX
How to Protect Against Such Vulnerabilities
To protect against these vulnerabilities, researchers recommend that automakers use “rolling codes.” This technology generates a fresh code for each authentication request, making it impossible for an attacker to replay old codes successfully.
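The difference between a fixed code and a rolling code, as an added example that is not code from the researchers or from Honda. It assumes a shared key, a 4-byte counter and a truncated HMAC-SHA256 tag standing in for whatever cipher a production fob uses; the frame layout, class names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 16  # assumed: how far ahead of the last accepted counter the car will look

def make_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Fob side: 4-byte counter + 1-byte command + 8-byte truncated HMAC tag."""
    body = struct.pack(">I", counter) + command
    tag = hmac.new(key, body, hashlib.sha256).digest()[:8]
    return body + tag

class FixedCodeReceiver:
    """Static-code behaviour: any frame equal to a known code is accepted."""
    def __init__(self, codes):
        self.codes = codes  # {frame_bytes: command_name}
    def receive(self, frame):
        return self.codes.get(frame)  # no freshness check, so a recording still works

class RollingCodeReceiver:
    """Accepts a frame only if the tag verifies and the counter moved forward."""
    def __init__(self, key, last_counter=0):
        self.key, self.last = key, last_counter
    def receive(self, frame):
        if len(frame) != 13:
            return None
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return None  # forged or bit-altered frame
        counter = struct.unpack(">I", body[:4])[0]
        if not (self.last < counter <= self.last + WINDOW):
            return None  # already used, or implausibly far ahead
        self.last = counter
        return body[4:5]

def demo():
    key = b"constructed-demo-key"  # constructed sample value
    fixed = FixedCodeReceiver({b"\xaa\x01": "unlock"})
    fixed_results = [fixed.receive(b"\xaa\x01"), fixed.receive(b"\xaa\x01")]
    rolling = RollingCodeReceiver(key)
    captured = make_frame(key, 1, b"U")
    first = rolling.receive(captured)    # genuine press is accepted
    replay = rolling.receive(captured)   # same bytes again are rejected
    tamper = rolling.receive(captured[:4] + b"L" + captured[5:])  # altered command
    skipped = rolling.receive(make_frame(key, 5, b"L"))  # presses made out of range
    return fixed_results, first, replay, tamper, skipped

if __name__ == "__main__":
    print(demo())
```

The window lets the receiver resynchronise after button presses it never heard, while the authentication tag means a recorded frame cannot be altered into a different command without the key.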
Honda’s Official Statement
When contacted by Bleeping Computer, Honda stated that many automakers use outdated technology for remote locking and unlocking, making them potentially vulnerable to “determined and technologically advanced thieves.”
“Currently, such devices appear to work only in close proximity or when physically attached to the target vehicle, as they require local interception of radio signals from the owner’s key fob when the vehicle is being unlocked and started nearby,” Honda said. “At this time, Honda does not plan to update older vehicles. It’s important to note that while Honda regularly improves security features in new models, determined and technologically advanced thieves are always working to overcome these features.”
The company also believes that a nearby attacker could use other means to access the vehicle (such as physically breaking in) and does not necessarily need to resort to high-tech hacking. Honda emphasized that there is no evidence this type of attack is being widely used.