Honda key fob flaw lets hackers remotely unlock and start cars

[Elderberry]

Tech Crunch by Carly Page 7/12/2022

Security researchers have revealed a vulnerability in Honda’s keyless entry system that could allow hackers to remotely unlock and start potentially “all Honda vehicles currently existing on the market.”

The “Rolling-Pwn” attack, uncovered by Star-V Lab security researchers Kevin2600 and Wesley Li, exploits a vulnerability in the way Honda’s keyless entry system transmits authentication codes between the car and the key fob. It works in a similar way to the recently discovered Bluetooth replay attack affecting some Tesla vehicles; using easily purchasable radio equipment, the researchers were able to eavesdrop and capture the codes, then broadcast them back to the car in order to gain access.

This allowed the researchers to remotely unlock and start the engines of cars affected by the vulnerability, which includes models from as far back as 2012 and as recent as 2022. But according to The Drive, which independently tested and verified the vulnerability on a Honda Accord 2021, the key fob flaw doesn’t allow an attacker to drive off with the vehicle.

As noted by the researchers, this kind of attack should be prevented by the vehicle’s rolling codes mechanism — a system introduced to prevent replay attacks by providing a new code for each authentication of a remote keyless entry. Vehicles have a counter that checks the chronology of the generated codes, increasing the count when it receives a new code.

More: https://techcrunch.com/2022/07/12/honda-key-fob-flaw-hackers/

[Kamaji]

Every time I read one of these stories, I go over to hemmings or autotrader and start looking up prices of drivable "dumb" cars.  I'd love me another 1971 Plymouth Scamp, but with the 318 instead of the 225 (the 340 w/ a six-pack would be nice, but not as a daily driver).

[Wingnut]

Every time I read one of these stories, I go over to hemmings or autotrader and start looking up prices of drivable "dumb" cars.  I'd love me another 1971 Plymouth Scamp, but with the 318 instead of the 225 (the 340 w/ a six-pack would be nice, but not as a daily driver).

Those cars will start and drive after an EMP attack.  I think those early 70's cars still the pre HEI ignition systems.

[mountaineer]

Every time I read one of these stories, I go over to hemmings or autotrader and start looking up prices of drivable "dumb" cars.  I'd love me another 1971 Plymouth Scamp, but with the 318 instead of the 225 (the 340 w/ a six-pack would be nice, but not as a daily driver).

I miss my 1971 Duster so much. It technically belonged to my parents, and they got rid of it after my older idiot brother burned out the engine (something about not putting any oil in it, I believe). 

[Kamaji]

Those cars will start and drive after an EMP attack.  I think those early 70's cars still the pre HEI ignition systems.

Yup.  My '71 Scamp with the 225 had points and a condenser on the distributor.  PITA to set, especially in the dark, because it was on the downward side of the slant-6.

[Wingnut]

Yup.  My '71 Scamp with the 225 had points and a condenser on the distributor.  PITA to set, especially in the dark, because it was on the downward side of the slant-6.

I feel your pain.  My olds rocket V8 had the distributor tucked up next to the firewall.  You had to fight with the Wiper Motor and the razor sharp cowl lip to see which one would cut your hands 1st.

[Elderberry]

Those cars will start and drive after an EMP attack.  I think those early 70's cars still the pre HEI ignition systems.

I have 3 vehicles with HEI ignitions. A 53 Willys, a 56 3/4 ton Chevy and a 75 Vette. Post any EMP attack, I have several HEI modules set aside. I have even converted a 75 hp Chrysler outboard to an HEI ignition.

I sure don't see any need to go back to points.

[Wingnut]

I sure don't see any need to go back to points.

Nor adjusting the solid lifter/tappits.