A group of professional hackers announced, in the United States, the discovery of a possible security flaw in different models of Honda cars, manufactured between 2012 and 2022. According to the researchers, who work for the Star-V Lab, it would be possible unlocking and even starting the vehicle’s engine remotely.
The vulnerability, according to the hackers, is in the key remote’s rolling code system. The group would have managed to invade several models of Honda cars, including Civic, Accord, Odyssey, Inspire, Fit, XR-V and Breeze. A video shows the invasion of a CR-V: watch!
The rolling code system works as follows: each time the driver activates the key remote control, it issues a different code for the vehicle. The secret is not repeated exactly to prevent someone from discovering the sequencing and gaining access to the vehicle.
However, according to the hackers, when commands are sent consecutively through a remote command device (RKE), the code system does a resynchronization. It is precisely at this moment that it would be possible to trace one of the codes already used. This vulnerability, according to professionals, is called Rolling-PWN.
Honda does not confirm car failure
In response to the website Vice, which published an article about the flaw, a Honda spokesperson said that the claims about vulnerability in the brand’s cars “have no substance”. The company also claims that the videos do not provide enough information and there is no guarantee that they are reliable.
Also according to the spokesperson, the system of rolling codes present in Honda’s car keys does not allow the action of intruders. Finally, the manufacturer adds that this is not the first time that alleged complaints about this type of vulnerability have arisen, but that there has never been proof of them.