FILE IMAGE - General view of Honda Civic cars lines up ready for export on Dec. 10, 2020. (Photo by Andrew Matthews/PA Images via Getty Images) A security flaw recently uncovered by security researchers may allow hackers to remotely unlock and start several Honda vehicles made in the past decade.The attack, dubbed "Rolling Pwn," involves a vulnerability in the keyless entry system of many Honda vehicles made between 2012 and 2022.
A pair of Star-V Lab security researchers claim to have first discovered the bug, posting several videos of themselves unlocking and remotely starting various Honda vehicles in a recent report.Rob Stumpf, an automotive journalist at The Drive, later independently tried the Honda key fob hack on his own car — a 2021 Honda Accord — and succeeded in unlocking and starting it.Honda confirmed the researchers’ claims of the vulnerability in a statement to FOX Television Stations, saying it’s possible to gain access to certain vehicles produced by the automaker with "sophisticated tools and technical know-how."Modern vehicles are often equipped with a keyless entry system, which allows the car to be unlocked and started remotely.
When a person presses the unlock button on a paired key fob, the fob sends a unique code wirelessly to the vehicle, according to The Drive.Older vehicles used fixed codes for the keyless entry into the vehicle.
But since any individual can access and replay a static code to lock and unlock the car, this kind of mechanism is "inherently vulnerable," the automotive news website reports.The National Highway Traffic Safety Administration (NHTSA) officially start car recalls after receiving complaints from consumers.And so, vehicle manufacturers later introduced a "rolling code".