You have to give car thieves this much credit: They’re always innovating.
By wirelessly stealing command codes from key fobs in a move called the “Rolling Pwn attack,” hackers have been able to unlock and start Honda vehicles, report ITSecurityGuru.com and automotive site TheDrive.com.
Each time you press a button on your key fob, a pseudorandom number generator (PRNG) sends a semi-random code to the vehicle, giving it a command to, say, unlock the doors or open the lift gate. The car then checks that code against a list of valid codes; and if it’s legit, it carries out the command. It is also supposed to invalidate previous codes to keep bad actors from reusing them. (This rolling code mechanism replaced the old system of fixed codes, which made it even easier to steal a car.)
Here’s the catch: There’s also another group of codes designated for use when the key fob is out of range of the vehicle. And in the case of Hondas, hackers are intercepting and recording these out-of-range codes. It uses them to resynchronize the number generator, keeping the codes valid and enabling them to steal the car at a later date.
“Yes, it definitely works,” reported TheDrive’s Rob Stumpf, who successfully used the Rolling Pwn to hack his own 2021 Accord with a software-defined radio.
Honda: Trick ‘cannot be used to drive the vehicle away’
Honda has acknowledged the problem but disputes what a hacker can do with the codes.
“We can confirm researcher claims that it is possible to employ sophisticated tools and technical know-how to mimic Remote Keyless commands and gain access to certain vehicles or ours,” Honda spokesperson Chris Naughton told USA TODAY in an email. “However, while it is technically possible, we want to reassure our customers that this particular kind of attack, which requires continuous close-proximity signal capture of multiple sequential RF transmissions, cannot be used to drive the vehicle away.”
Which cars are vulnerable?
Naughton said the following U.S. models are at risk for this type of attack:
- 2012 Honda Civic
- 2020 Honda C-RV
- 2020 Honda Accord
- 2020 Honda Odyssey
- 2021 Honda Accord
Naughton confirmed that some Acuras are vulnerable as well but said that “all completely redesigned 2022 and 2023 model year vehicles have an improved keyless remote system.”
The newer system, he says, “transmits codes that immediately expire, which would prevent this type of attack from being successful.”
Models with the newer, more secure keyless entry system include the 2022 Civic, 2023 HR-V. 2022 Acura MDX and 2023 Acura Integra.
