{"id":473491,"date":"2022-07-12T18:31:42","date_gmt":"2022-07-12T15:31:42","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/honda-key-fob-hack-affects-nearly-all-models-since-2012-review-geek\/"},"modified":"2022-07-12T18:31:42","modified_gmt":"2022-07-12T15:31:42","slug":"honda-key-fob-hack-affects-nearly-all-models-since-2012-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/honda-key-fob-hack-affects-nearly-all-models-since-2012-review-geek\/","title":{"rendered":"#Honda Key Fob Hack Affects Nearly All Models Since 2012 \u2013 Review Geek"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a3ccbf25960e\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a3ccbf25960e\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/honda-key-fob-hack-affects-nearly-all-models-since-2012-review-geek\/#%E2%80%9CHonda_Key_Fob_Hack_Affects_Nearly_All_Models_Since_2012_%E2%80%93_Review_Geek%E2%80%9D\" >&#8220;Honda Key Fob Hack Affects Nearly All Models Since 2012 \u2013 Review Geek&#8221;<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CHonda_Key_Fob_Hack_Affects_Nearly_All_Models_Since_2012_%E2%80%93_Review_Geek%E2%80%9D\"><\/span>&#8220;Honda Key Fob Hack Affects Nearly All Models Since 2012 \u2013 Review Geek&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div id=\"article-content-area\">\n<figure style=\"width: 1920px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage size-full wp-image-122867\" data-pagespeed-no-defer=\"\" src=\"https:\/\/www.reviewgeek.com\/p\/uploads\/2022\/07\/a969aaab.png?width=1200\" alt=\"The 2012 Honda Civic on a wooden floor.\" width=\"1920\" height=\"1080\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\">Honda<\/span><\/figcaption><\/figure>\n<p>A newly-discovered \u201c<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/rollingpwn.github.io\/rolling-pwn\/\">Rolling Pwn<\/a>\u201d exploit allows hackers remotely unlock and start the engine of Honda vehicles dating back to 2012. This exploit circumvents safeguards put in place by Honda, and more worryingly, the carmaker denies that \u201cRolling Pwn\u201d is a genuine threat.<\/p>\n<p>Rolling Pwn is a variation on the common \u201creplay attack\u201d system, which uses a radio receiver to intercept and record a key fob signal. When played back, this signal can unlock a car.<\/p>\n<p>But several Honda models randomize their key fob signal using a \u201crolling code.\u201d This prevents the same key fob signal from working twice\u2014at least, that\u2019s the idea. As explained by Kevin2600 and Wesley Li, the discoverers of this exploit, Rolling Pwn forces Honda cars to reset their \u201crolling code.\u201d It makes the safeguard useless.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">I was able to replicate the Rolling Pwn exploit using two different key captures from two different times.<\/p>\n<p>So, yes, it definitely works. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/ZenCB3vX5z\">https:\/\/t.co\/ZenCB3vX5z<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/RBAO7ZtlXZ\">pic.twitter.com\/RBAO7ZtlXZ<\/a><\/p>\n<p>\u2014 Rob Stumpf (@RobDrivesCars) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/RobDrivesCars\/status\/1546171686675955712?ref_src=twsrc%5Etfw\">July 10, 2022<\/a><\/p>\n<\/blockquote>\n<p>Several videos now show Rolling Pwn in action. While it hasn\u2019t been tested on every Honda vehicle, it <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ears to work on most models dating back to 2012. And as\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.thedrive.com\/news\/i-tried-the-honda-keyfob-hack-on-my-own-car-it-totally-worked\"><em>The Drive<\/em><\/a> notes, vulnerabilities that are similar to Rolling Pwn were logged in both <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-46145\">2021<\/a> and <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-27254\">early 2022<\/a>.<\/p>\n<p>Honda hasn\u2019t made any attempt to warn customers of these vulnerabilities. It told security researchers that \u201cthe best way to report [Rolling Pwn] is to contact customer service,\u201d and in a statement to\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.thedrive.com\/news\/i-tried-the-honda-keyfob-hack-on-my-own-car-it-totally-worked\"><em>The Drive<\/em><\/a>, a Honda spokesperson stated, \u201cthe key fobs in the referenced vehicles are equipped with rolling code <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a> that would not allow the vulnerability as represented in the report.\u201d<\/p>\n<p>So, if you own a modern Honda, you may want to leave a message with its\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/redirect.viglink.com\/?key=204a528a336ede4177fff0d84a044482&amp;u=https%3A%2F%2Fautomobiles.honda.com%2Finformation%2Fcustomer-relations\">customer service<\/a>. Both journalists and independent security researchers confirm that Rolling Pwn is an authentic vulnerability, but Honda denies that it exists. Honda needs to address this problem im<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">media<\/a>tely, either through a recall or an OTA update.<\/p>\n<p><small>Source: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/rollingpwn.github.io\/rolling-pwn\/\">Kevin2600 &amp; Wesley Li<\/a>\u00a0via <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.thedrive.com\/news\/i-tried-the-honda-keyfob-hack-on-my-own-car-it-totally-worked\">The Drive<\/a><\/small>\n<\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><script>\nsetTimeout(function(){\n  !function(f,b,e,v,n,t,s)\n  {if(f.fbq)return;n=f.fbq=function(){n.callMethod?\n  n.callMethod.apply(n,arguments):n.queue.push(arguments)};\n  if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';\n  n.queue=[];t=b.createElement(e);t.async=!0;\n  t.src=v;s=b.getElementsByTagName(e)[0];\n  s.parentNode.insertBefore(t,s)}(window, document,'script',\n  'https:\/\/connect.facebook.net\/en_US\/fbevents.js');\n  fbq('init', '1137093656460433');\n  fbq('track', 'PageView');\n  },3000);\n<\/script><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.reviewgeek.com\/122866\/honda-key-fob-hack-affects-nearly-all-models-since-2012\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Honda Key Fob Hack Affects Nearly All Models Since 2012 \u2013 Review Geek&#8221; Honda A newly-discovered \u201cRolling Pwn\u201d exploit allows hackers remotely unlock and start the engine of Honda vehicles dating back to 2012. This exploit circumvents safeguards put in place by Honda, and more worryingly, the carmaker denies that \u201cRolling Pwn\u201d is a genuine&#8230;<\/p>\n","protected":false},"author":1,"featured_media":473492,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.reviewgeek.com\/p\/uploads\/2022\/07\/a969aaab.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-473491","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/473491","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=473491"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/473491\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/473492"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=473491"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=473491"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=473491"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}