Hackers Reveal How To Remotely Start A Range Of Different Honda Models

Security researchers have found a huge problem with Honda’s keyless entry system. It could allow hackers to unlock and start all Honda vehicles on the market today, including the Honda Civic. The software is called a ‘Rolling-Pwn’ attack and was discovered by Star-V Lab researchers Wesley Li and Kevin2600. Effectively, the hack exploits Honda’s keyless entry system to start the car. It does so by transmitting the proper authentication codes between the car and the key fob.

We’ve seen this before with Honda. And earlier this year a 19-year-old hacked 25 Teslas from all over the world. The F-150 Lightning was, up until recently, extremely vulnerable to Bluetooth hacks. Some have even used it as an anti-Putin propaganda tool.

Star-V notes this kind of attack can be prevented by a car’s rolling-codes mechanism. That’s a system that is designed to prevent reply attacks (a type of hack) by providing a new code for each authentication attempt by a remote key fob. Evidently, it does not do that properly.

The attack “eavesdrops” on a paired keyfob, capturing codes sent by the fob. Then, the attacker can replay a sequence of valid codes and re-sync the car’s Pseudorandom Number Generator (PRNG). As a result, a hacker can use codes from earlier that otherwise wouldn’t work. These systems are secure because they almost never use the same code twice (as a result of the PRNG). With the hack, not only will the system take an old code, but it’ll use it to start the car.

As of now, the hack has been tested on a wealth of Honda models. The Honda Civic from 2012, a 2020 Accord, and a 2022 Fit were all successfully hacked. Reportedly, the hack also allows you to drive the vehicle as if the key is inside. Right now, it’s unclear whether that means the car can then keep driving without the key.

For now, Honda has not issued a public statement regarding the hack. Should Honda classify it as a legitimate threat, a recall will likely have to be issued. Given the breadth of models covered, this hack could also necessitate an entirely new build for Honda’s keyless entry systems– a very, very expensive proposition.