In the new generation cars, there is no such thing as opening the door or the ignition key anymore, many cars have electronic locks and one-button operation. Although this feature makes life easier, of course it is not perfect.
Two researchers uncovered a vulnerability in the keyless locking system of Honda vehicles. Moreover, this problem is not easy to fix. Worse still, this feature may be available in different models, especially Honda models.
Vulnerability in Honda cars
In the statement made by researchers Kevin26000 and Wesley Li, it was also explained how the vulnerability called RollingPWN works. In comparison to this, normally in Honda’s keyless lock system, an access code is generated every time a button is pressed. When a code is created under the usual rules, all previously created codes are rendered unusable. Thus, it is not possible to enter the systems with repetitive codes. Researchers have shown that old codes can be reloaded so that unwanted individuals can access the tools.
To find out which models affected the deficit, the researchers studied 10 different models produced between 2012 and 2022. These models took the form:
- Honda Civic 2012
- Honda XR-V 2018
- Honda CR-V 2020
- Honda Accord 2020
- Honda Odyssey 2020
- Honda Inspire 2021
- Honda Fit 2022
- Honda Civic 2022
- Honda VE-1 2022
- Honda Breeze 2022
It won’t be easy to fix
According to the researchers who discovered this vulnerability, he states that this problem may occur not only in these models, but also in all cars using similar infrastructure, especially other Honda models. The analysis of the problem also creates a different dilemma. Because the OTA update, which can be seen as the first solution to the problem, is not an available alternative for many Honda models. It does not seem possible to recall millions of vehicles.
Nor is this deficit the first problem Honda has faced this year. In March, it was revealed that the radio frequencies in the company’s cars could be infiltrated and these frequencies could be changed. A similar communication manipulation gap came to the fore in January.