Security researchers Kevin26000 and Wesley Li have discovered an exploit that records the wireless unlock signal from a Honda key fob and then plays it back at will. If this sounds like an old problem that carmakers have since fixed, you’re correct. But the Rolling-PWN attack, as it is called, exploits built-in safety features to circumvent the security fix. The researchers say the attack works on all Honda models from 2012 to 2022, although they’ve only tested it on ten models. “Hondas of any model are very susceptible to break-ins and theft, as they lack the security features most other brands are very strict toward. Honda owners should take precautions by purchasing anti-theft car accessories like a club, boot, or a kill switch. These features are not 100% theft-proof, but they significantly lower the chances,” Kyle MacDonald, director of operations at GPS vehicle fleet-tracking company Force by Mojio, told Lifewire via email.
Old School Hack
If you’ve watched any cop or private detective TV shows in the last decade, you’ve seen somebody use a radio device to capture the signal from a remote key fob, then play it back to unlock the vehicle later. Modern cars use a rolling code system to prevent these replay attacks. Every time you blip the remote and unlock the car, both the car and the remote change to a new code. This means the old code is instantly useless as soon as it’s used. These codes are synchronized, but what if your kid grabs the remote when you’re away from the car and starts pressing the buttons? This would lead to the car and key fob going out of sync. To mitigate this, say the researchers, “vehicle receiver will accept a sliding window of codes, to avoid accidental [key presses] by design.” Their attack works by sending several commands, in sequence, to the Honda, which then re-syncs the sequence. Thus, the attacker can then open the car at any point thereafter. The attack leaves no trace. You can see the hack in action at a Honda dealership here.
Should You Worry?
This is a major hack, but you probably don’t need to worry about your car being stolen just yet, although you should never leave any valuables in your car ever again (and that’s good advice in general). The Rolling-PWN hack can unlock a car and even remotely start the engine on models that support it, but there’s an additional safety feature that will save your vehicle. While you can remote start your Honda from afar, you can’t actually drive it away unless you have the original key fob with you in the car. The attacker also has to be in physical proximity to it. “This hack only allows remote start, which doesn’t allow you to drive the car at all. You would still need to get the actual key fob to drive the car away,” commented car nerd Iamjason on a Verge article about this hack. But that doesn’t apply to all Hondas. According to Jalopnik’s José Rodríguez Jr., some Honda models still use an unencrypted code that doesn’t ever change. In William Gibson’s genre-changing SF novel Neuromancer, pretty much everything is online and can be hacked with the right skills. But what hackers cannot do is remotely open a door that uses a totally old-school technology to lock it—a physical key. This is a great metaphor for our computerized world today. What a physical key lacks in convenience, it makes up for in many cases with security. And right now, while Honda owners sit and hope that Honda recalls an entire decade’s worth of cars to fix this flaw, they might be wishing their cars locked with a plain old car key. Were they really so bad?