You have to give car thieves this much credit: They’re always innovating.
By wirelessly stealing command codes from key fobs in a move called the “Rolling Pwn attack,” hackers have been able to unlock and start Honda vehicles, report ITSecurityGuru.com and automotive site TheDrive.com.
Each time you press a button on your key fob, a pseudorandom number generator (PRNG) sends a semi-random code to the vehicle, giving it a command to, say, unlock the doors or open the lift gate. The car then checks that code against a list of valid codes; and if it’s legit, it carries out the command. It is also supposed to invalidate previous codes to keep bad actors from reusing them. (This rolling code mechanism replaced the old system of fixed codes, which made it even easier to steal a car.)
Here’s the catch: There’s also another group of codes designated for use when the key fob is out of range of the vehicle. And in the case of Hondas, hackers are intercepting and recording these out-of-range codes. It uses them to resynchronize the number generator, keeping the codes valid and enabling them to steal the car at a later date.
“Yes, it definitely works,” reported TheDrive’s Rob Stumpf, who successfully used the Rolling Pwn to hack his own 2021 Accord with a software-defined radio.
Honda: Trick ‘cannot be used to drive the vehicle away’
Honda has acknowledged the problem but disputes what a hacker can do with the codes.
“We can confirm researcher claims that it is possible to employ sophisticated tools and technical know-how to mimic Remote Keyless commands and gain access to certain vehicles or ours,” Honda spokesperson Chris Naughton told USA TODAY in an email. “However, while it is technically possible, we want to reassure our customers that this particular kind of attack, which requires continuous close-proximity signal capture of multiple sequential RF transmissions, cannot be used to drive the vehicle away.”
