Honda’s Keyless Access Bug Could Let Thieves Remotely Unlock and Start Vehicles

A duo of researchers has released a proof-of-concept (PoC) demonstrating the ability for a malicious actor to remote lock, unlock, and even start Honda and Acura vehicles by means of what’s called a replay attack.

The attack is made possible, thanks to a vulnerability in its remote keyless system (CVE-2022-27254) that affects Honda Civic LX, EX, EX-L, Touring, Si, and Type R models manufactured between 2016 and 2020. Credited with discovering the issue are Ayyappan Rajesh, a student at UMass Dartmouth, and Blake Berry (HackingIntoYourHeart).

“A hacker can gain complete and unlimited access to locking, unlocking, controlling the windows, opening the trunk, and starting the engine of the target vehicle where the only way to prevent the attack is to either never use your fob or, after being compromised (which would be difficult to realize), resetting your fob at a dealership,” Berry explained in a GitHub post.

The underlying issue is that the remote key fob on the affected Honda vehicles transmits the same, unencrypted radio frequency signal (433.215MHz) to the car, effectively enabling an adversary to intercept and replay the request at a later time to wirelessly start the engine as well as lock and unlock the doors.

This is not the first time a flaw of this kind has been uncovered in Honda vehicles. A related issue discovered in 2017 Honda HR-V models (CVE-2019-20626, CVSS score: 6.5) is said to have been “seemingly ignored” by the Japanese company, Berry alleged.

“Manufacturers must implement Rolling Codes, otherwise known as hopping code,” Rajesh said. “It is a security technology commonly used to provide a fresh code for each authentication of a remote keyless entry (RKE) or passive keyless entry (PKE) system.”

We have asked Honda for a comment, and we will update the story once we hear back.