Yes, Your Honda May Be At Risk GA S REGULAR Menu Lifewire Tech for Humans Newsletter! Search Close GO News > Smart & Connected Life

Yes, Your Honda May Be At Risk

It could be unlocked by anyone

By Charlie Sorrel Charlie Sorrel Senior Tech Reporter Charlie Sorrel has been writing about technology, and its effects on society and the planet, for 13 years. lifewire's editorial guidelines Published on July 14, 2022 10:46AM EDT Fact checked by Jerri Ledford Fact checked by Jerri Ledford Western Kentucky University Gulf Coast Community College Jerri L. Ledford has been writing, editing, and fact-checking tech stories since 1994. Her work has appeared in Computerworld, PC Magazine, Information Today, and many others. lifewire's fact checking process Tweet Share Email Tweet Share Email Smart & Connected Life Mobile Phones Internet & Security Computers & Tablets Smart Life Home Theater & Entertainment Software & Apps Social Media Streaming Gaming Rolling-PWN is a new exploit that can unlock many Honda models from the last decade. The hack can also start a car, but you’ll need the original key fob to drive it away. The hack could affect other car manufacturers.
Zach Vessels / Unsplash Most Hondas from 2012 onwards can be remotely unlocked and even started by hackers, using an old trick that apparently still works. The good news is it's almost certainly impossible to drive the car away without the original key fob. Security researchers Kevin26000 and Wesley Li have discovered an exploit that records the wireless unlock signal from a Honda key fob and then plays it back at will. If this sounds like an old problem that carmakers have since fixed, you're correct. But the Rolling-PWN attack, as it is called, exploits built-in safety features to circumvent the security fix. The researchers say the attack works on all Honda models from 2012 to 2022, although they've only tested it on ten models. "Hondas of any model are very susceptible to break-ins and theft, as they lack the security features most other brands are very strict toward. Honda owners should take precautions by purchasing anti-theft car accessories like a club, boot, or a kill switch. These features are not 100% theft-proof, but they significantly lower the chances," Kyle MacDonald, director of operations at GPS vehicle fleet-tracking company Force by Mojio, told Lifewire via email.

Old School Hack

If you’ve watched any cop or private detective TV shows in the last decade, you’ve seen somebody use a radio device to capture the signal from a remote key fob, then play it back to unlock the vehicle later. Modern cars use a rolling code system to prevent these replay attacks. Every time you blip the remote and unlock the car, both the car and the remote change to a new code. This means the old code is instantly useless as soon as it’s used. Honda owners should take precaution by purchasing anti-theft car accessories like a club, boot, or a kill switch. These codes are synchronized, but what if your kid grabs the remote when you're away from the car and starts pressing the buttons? This would lead to the car and key fob going out of sync. To mitigate this, say the researchers, "vehicle receiver will accept a sliding window of codes, to avoid accidental [key presses] by design." Their attack works by sending several commands, in sequence, to the Honda, which then re-syncs the sequence. Thus, the attacker can then open the car at any point thereafter. The attack leaves no trace. You can see the hack in action at a Honda dealership here.

Should You Worry

This is a major hack, but you probably don't need to worry about your car being stolen just yet, although you should never leave any valuables in your car ever again (and that's good advice in general). The Rolling-PWN hack can unlock a car and even remotely start the engine on models that support it, but there's an additional safety feature that will save your vehicle. While you can remote start your Honda from afar, you can't actually drive it away unless you have the original key fob with you in the car. The attacker also has to be in physical proximity to it. "This hack only allows remote start, which doesn't allow you to drive the car at all. You would still need to get the actual key fob to drive the car away," commented car nerd Iamjason on a Verge article about this hack. But that doesn’t apply to all Hondas. According to Jalopnik’s José Rodríguez Jr., some Honda models still use an unencrypted code that doesn’t ever change. In William Gibson’s genre-changing SF novel Neuromancer, pretty much everything is online and can be hacked with the right skills. But what hackers cannot do is remotely open a door that uses a totally old-school technology to lock it—a physical key. This is a great metaphor for our computerized world today. What a physical key lacks in convenience, it makes up for in many cases with security. And right now, while Honda owners sit and hope that Honda recalls an entire decade’s worth of cars to fix this flaw, they might be wishing their cars locked with a plain old car key. Were they really so bad? Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe Tell us why! Other Not enough details Hard to understand Submit More from Lifewire Your Car's Driving Assistance Tech Isn't Meant to Be Used Alone—Here's Why How to Fix It When You're Locked Out of Your Gmail Account Why Your Car Key Remote Doesn't Work How to Unlock iCloud-Locked iPhones Apple Car: News and Expected Price, Release Date, Specs; and More Rumors Using a Remote Car Starter With a Manual Transmission How to Fix a Stuck Car Window 4 Free Online Car Games The 7 Best Smart Locks of 2022 What Is an FOB File? Choosing the Best Remote Start Kit Would Your Car Survive An EMP Attack? The 2 Best Remote Car Starters of 2022 5 Reasons iPhone Is More Secure Than Android Fixing a Car Radio That Stopped Working After the Battery Died Car Security Basics and 10 Ways to Deter Car Theft Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Accept All Cookies