This week, two security researchers and multiple news stories said that a security flaw in Honda’s keyless entry systems could make all of the company’s cars made since 2012 vulnerable to hackers.
A pair of Star-V Lab security researchers named Kevin2600 and Wesley Li says that the so-called “Rolling-Pwn” attack lets hackers steal codes linked to Honda key fobs from a distance.
Researchers say that hackers can use the stolen information to open doors and even start car engines from afar.
In a blog post about their findings, the researchers said, “This weakness lets anyone permanently open the car door or even start the car engine from a long distance.”
“We found it in a weak version of the rolling codes system, which is used in a huge number of Honda cars,” they said.
The researchers said that they tested the flaw on the 10 most popular Honda cars made in the last 10 years. They also had videos that showed the method and how it worked.
“Because of this, we are sure that the problem affects all Honda cars on the market right now,” they said.
The Drive’s own tests of the “Rolling-Pwn” attack on a 2021 Honda Accord and a software-defined radio confirmed what the researchers had found.
In a statement to The Post, a Honda spokesperson confirmed the flaw and said it affected “certain vehicles,” but did not say more about how big the problem was.
“We can confirm that researchers are right when they say that sophisticated tools and technical know-how can be used to imitate Remote Keyless commands and get into some vehicles, including ours,” a Honda spokesperson said.
“However, while it is technically possible, we want to reassure our customers that this type of attack, which requires continuous close-proximity signal capture of multiple sequential RF transmissions, cannot be used to drive the vehicle away,” the spokesperson said. “Also, Honda regularly adds better security features to new models that would stop this and other similar methods.”
