A group of security researchers has discovered a means of unlocking remote keyless-entry vehicles without the owner’s knowledge.
Using a handheld device, hackers can record the signal coming from a key fob when a vehicle is locked or unlocked in a method known as a Rolling-PWN attack.
The device can then replay the signal back to the vehicle, permanently unlocking the door and enabling the engine to be started.
It was found that the bug mainly affects Hondas manufactured between 2012 and 2022. However, the researchers mentioned that this bug may exist for other brands of vehicles too.
You may be wondering how this is possible considering modern vehicles have security systems in place to prevent these kinds of ‘relay’ attacks.
Many modern cars supposedly use what’s called a rolling code system for their keys. This essentially generates a newly assigned code every time the key is used to unlock a vehicle and is supposed to prevent attacks like Rolling-PWN.
As proven by the researchers, modern Hondas and possibly other vehicles seem to lack this level of security.
The researchers suggest affected vehicles must be returned to a dealership to have the problem amended in a form of recall. But their recommended strategy is to upgrade the vulnerable firmware through over-the-air updates if feasible.
In an article published by tech news website Bleeping Computer, Honda says it “has no plan to update older vehicles at this time”.
Honda told the researchers the best course of action is to contact customer service to report the vulnerability.