Wednesday, August 10

They hack key chains of Honda cars: they can control them remotely | Digital Trends Spanish


A giant and very dangerous vulnerability was discovered by researchers, as they verified the hacking of keychains of honda carsto manage and control them remotely.

The attack “Rolling Pwn“, discovered by Star-V Lab security researchers Kevin2600 and Wesley Li, exploits a vulnerability in the way Honda’s keyless entry system transmits authentication codes between the car and the key fob.

This is basically using easily affordable radio equipment, the researchers were able to eavesdrop and capture the codes, then transmit them to the car to gain access.

This allowed researchers to remotely unlock and start the engines of cars affected by the vulnerability, which includes models from 2012 and as recent as 2022. But according to The Drivewhich independently tested and verified the vulnerability in a 2021 Honda Accord, the key fob flaw prevents an attacker from leaving with the vehicle.

What the researchers notedthis type of attack should be prevented by the vehicle’s rolling code mechanism, a system introduced to prevent replay attacks by providing a new code for each authentication of a remote keyless entry.

« Sending the commands in a consecutive sequence to the Honda vehicles will resynchronize the counter,” the researchers write. “Once the counter resynchronized, the commands from the previous counter cycle started working again. So those commands can be used later to unlock the car at will.”

Honda denies fault

“We have investigated similar allegations in the past and found them to be without substance,” a Honda spokesman said. “While we do not yet have enough information to determine whether this report is credible, the key fobs in the reference vehicles are equipped with rolling code technology that would not allow the vulnerability depicted in the report. Furthermore, the videos offered as evidence for the absence of rolling code do not include sufficient evidence to support the claims.”

Publisher Recommendations










es.digitaltrends.com