Skip to main content

Some Honda cars can be hacked using just a portable radio

Millions of Honda cars could be at risk of theft following the reveal of a new remote hacking risk.

Security researchers from Star-V Lab have uncovered a technique that allows anyone to unlock a vehicle, open doors and even start the engine using a handheld radio due to a vulnerability in the car's keyfob.

A number of leading Honda models released between 2012 and 2022 are apparently affected by the flaw, including the Accord, Civic, C-RV and X-RV.

Honda remote flaw

The researchers have teamed up with journalist Rob Stumpf from The Drive to show off the vulnerability, which they've dubbed Rolling-PWN.

The issue is contained within the rolling codes mechanism, including within the keyless entry system (aka the keyfob) in order to prevent replay "man-in-the-middle" attacks. 

The team found that every time the keyfob button is pressed, it increases the chance of certain codes being accepted to give access to the vehicle. The team notes that the receiver within the vehicle accepts a "sliding window of codes" primarily in order to avoid accidental key presses.

Each time the button is pressed, the rolling codes synchronizing counter is increased, and so by sending certain commands in a consecutive sequence, the counter will resychronize, opening it up to previous commands that can be used to access the vehicle. 

"The Rolling-PWN bug is a serious vulnerability," the team wrote in a blog post outlining its findings. "We found it in a vulnerable version of the rolling codes mechanism, which is implemented in huge amounts of Honda vehicles."

The researchers note that anyone with a specific vehicle make could be at risk, and users may not even be able to detect if the flaw has been used against them.

They also warn that the threat could affect vehicles from other brands, and that Honda doesn't currently seem to have a fix, or even noticed the issue. The researchers note that they have tried to file a report, but could not find a proper way to do so, so instead contacted Honda Customer Service.

A spokesperson for Honda told Vice that the report wasn't credible and that the allegations are unfounded.

"The key fobs in the referenced vehicles are equipped with rolling code technology that would not allow the vulnerability as represented in the report," the company said.

"In addition, the videos offered as evidence of the absence of rolling code do not include sufficient evidence to support the claims," the company added.

Via BleepingComputer



Source: TechRadar

Popular posts from this blog

Follow these steps to connect a Pro Controller to your Android phone

Playing games on your smartphone is one of the best ways to entertain yourself. However, it can be tough to play with some games when you're just tapping on a screen. Fortunately, it's possible to sync up a traditional controller. That's where it's nice to connect your Nintendo Switch Pro Controller and get playing on the best gaming phones . By the way, the Playstation 4 controller as well as the Xbox One controller are also compatible with Android devices, if you'd prefer to use one of those. Note: You will only be able to use a Pro Controller if your phone is running Android 10 and if the game you're playing supports controllers. Additionally, the process for syncing the controller with your phone will be different from one phone to the next. How to use Switch controller on Android: Sync Pro Controller to your phone via Bluetooth Do keep in mind that some Android games — including some of the most popular titles like Genshin Impact — don't act

FCC approves broadband 'nutrition labels' to help you shop for internet

The FCC is pushing nutrition labels for internet providers. What you need to know The FCC has voted to move forward with new rules for ISPs to display nutrition labels. The proposed rulemaking would mandate ISPs to display relevant speed and pricing information to consumers. This should make it easier for consumers to make an informed decision on their broadband. The FCC voted unanimously on a plan that would allow consumers to make better decisions about their broadband internet. The proposal will require internet service providers (ISPs) - including many of the best wireless carriers in the U.S. — to display "nutrition labels" that display relevant service information for consumers at point-of-sale. This includes internet speeds, allowances, and clear information on rates. "If you walk into any grocery store and pull boxes of cereal from the shelves, you can easily compare calories and carbohydrates," FCC Chair Jessica Rosenworcel said in a statemen

I replaced my Steam Deck’s noisy fan and am so happy I did

Photo by Sean Hollister / The Verge 160 hours into Elden Ring, I’m sure of one thing: the single most annoying thing about my Steam Deck is its whiny fan. And now, I’m so happy to report there’s a way to fix it. It takes roughly 15 minutes and $30 — depending on where you live — to install a replacement fan from iFixit. Five days ago, the repair company finally got a large shipment of those fans , and I bought one right away. Now, my Steam Deck’s tiny screech is gone. Is the fan still loud? Yes, yes it is, but it’s a whoosh instead of a whine. I like to think of it as the sound of air escaping the Deck’s vents, but mostly, I don’t think about it at all. I can easily tune out the new whoosh, whereas the whine always managed to get my attention even after Valve tweaked its software to bring the fan noise down. In fact, the new fan has less whine than the electrical tape trick I showed you in April , and — YMMV — seems to be oh-so-slightly quieter overall. I did an admittedly

You can make your new Pixel look like a Teenage Mutant Ninja Turtle

A cool thing about Google’s Pixel 6 series phones is their unique camera bar design . If the finish of that strip were a different color than black — specifically blue, orange, purple, or red — it would totally look kind of like the Teenage Mutant Ninja Turtles . And now that you can’t unsee the resemblance, device outfitter Dbrand would like to help make your Pixel 6 device look like one of your favorite childhood heroes. With Google’s latest phone the Pixel 6a releasing next week , Dbrand decided it's a good time to revisit the sewers and launch its Teenage Mutant Ninja Pixels decals for all three phones. They match the green heroes-in-a-half-shell plus their masks, and include four camera decal strips that reflect the colors of Leonardo, Michelangelo, Donatello, and Raphael. Personally, I think the Pixel 6a’s two-camera array does the best job looking like proper eyes (the spidery camera array of the Pixel 6 and 6 Pro, not so much). Available now for the Pixel 6a: https://