CVE-2022-27254: Unlocking Honda Cars Remotely
Introduction
In March 2022, a vulnerability was discovered in the remote keyless system of various Honda vehicle models that allowed an attacker to access the cars, and potentially even drive away with them! The CVE describes how the remote keyless system in these vehicles sends the same RF signal for each door-open request, which allows a replay attack. It is related to CVE-2019-20626.
Let’s look at some of the key terms mentioned above.
- Remote Keyless System: Also known as RKS, it allows certain operations to be performed on a vehicle from some distance by transmitting signals. The system is operated by a control unit in the car and a transmitter, also called a fob or key fob, which has buttons to activate the system's features. Some common functions are unlocking doors and opening cargo areas and trunks.
- Replay Attack: A replay attack is a type of cyberattack in which an attacker intercepts and resends (or "replays") a valid data transmission, either to disrupt the communication or to gain unauthorized access to a system.
I’ll cover more about this and other attacks in upcoming blogs.
Replay attacks are significantly more challenging to implement because the majority of auto manufacturers use rolling code security on their wireless keyfobs. The LX, EX, EX-L, Touring, Si, and Type R models of the Honda Civic from 2016 to 2020 appear to have no rolling code security, though.
“Civic with a laptop. The most feared thing in the car community”
Security researchers Ayyapan Rajesh and Hackingintoheart discovered that the same, unencrypted RF signal is sent for each door open, door close, boot open, and remote start (if applicable) by various Honda vehicles equipped with remote keyless entry systems. This allowed them to eavesdrop on the request and conduct a replay attack.
Honda had not implemented the basic security layer to prevent replay attacks. They used static codes instead of rolling codes, which enabled attackers to capture the key fob signals.
Therefore, it is possible to unlock a vehicle without a key by recording the unlock signal coming from the fob with an SDR device like HackRF and then sending that signal again, that is, replaying it. Furthermore, it was possible to turn on the engine and, if applicable, start the car remotely.
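The receiver-side difference between static and rolling codes, as an added example that is not part of the original post and not Honda's or any vendor's implementation. It assumes a simplified counter-plus-HMAC frame, a constructed key and a hypothetical look-ahead window; production fobs use their own ciphers and frame formats.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # constructed sample secret shared by fob and car
WINDOW = 16                     # assumed look-ahead for presses made out of range

def fob_frame(counter: int, command: bytes) -> bytes:
    """Rolling-code frame: 4-byte counter || 1-byte command || 8-byte truncated HMAC."""
    body = counter.to_bytes(4, "big") + command
    return body + hmac.new(KEY, body, hashlib.sha256).digest()[:8]

class StaticReceiver:
    """Behaviour described in the article: one fixed code per command."""
    def __init__(self, unlock_code: bytes):
        self.unlock_code = unlock_code

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.unlock_code)

class RollingReceiver:
    """Accepts a frame only if its MAC verifies and its counter is fresh."""
    def __init__(self):
        self.last_counter = 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 13:
            return False
        body, tag = frame[:-8], frame[-8:]
        expected = hmac.new(KEY, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or corrupted frame
        counter = int.from_bytes(body[:4], "big")
        if not (self.last_counter < counter <= self.last_counter + WINDOW):
            return False                      # stale (replayed) or too far ahead
        self.last_counter = counter           # every accepted code is single-use
        return True

def demo() -> dict:
    static_rx, rolling_rx = StaticReceiver(b"UNLOCK-0001"), RollingReceiver()
    static_frame = b"UNLOCK-0001"             # constructed: same bytes on every press
    rolling_frame = fob_frame(1, b"U")
    return {
        "static_first": static_rx.accept(static_frame),
        "static_replay": static_rx.accept(static_frame),     # accepted again
        "rolling_first": rolling_rx.accept(rolling_frame),
        "rolling_replay": rolling_rx.accept(rolling_frame),  # rejected: counter not fresh
        "rolling_next": rolling_rx.accept(fob_frame(2, b"U")),
    }

if __name__ == "__main__":
    print(demo())
```

The static receiver accepts the identical frame twice, while the rolling receiver rejects the second copy because the counter it carries has already been consumed.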