Car hacking has been around for a while. The infamous 2015 talk by Charlie Miller and Chris Valasek demonstrated how a vulnerability with cars could lead to an attacker turning on, off the car or other important features such as …. I don’t know … THE BRAKES! This type of vulnerability could lead to massive deaths and lucky for all of us, researchers like Charlie and Chris are forcing car manufactures to take remediation when flaws are found seriously.
Unfortunately, vulnerabilities continue to be found. The hackernews recently posted about how a similar level of exploitation has been reported in various models from Honda. That post can be found HERE.
The highlights from the article are the following …
The attack is made possible, thanks to a vulnerability in its remote keyless system (CVE-2022-27254) that affects Honda Civic LX, EX, EX-L, Touring, Si, and Type R models manufactured between 2016 and 2020. Credited with discovering the issue are Ayyappan Rajesh, a student at UMass Dartmouth, and Blake Berry (HackingIntoYourHeart).
“A hacker can gain complete and unlimited access to locking, unlocking, controlling the windows, opening the trunk, and starting the engine of the target vehicle where the only way to prevent the attack is to either never use your fob or, after being compromised (which would be difficult to realize), resetting your fob at a dealership,” Berry explained in a GitHub post.
Hopefully this is resolved quickly by Honda.