AutoBeta(AutoBeta.net)07/14 Report--

According to foreign media The Drive, some Honda models have security vulnerabilities that allow hackers to unlock cars remotely. The report pointed out that the security problem lies in Honda's repeated use of the unlock verification code in the database, allowing hackers to unlock the vehicle by capturing and replaying the code sent by the car key in a timely manner. This security vulnerability is called the Rolling-PWN attack vulnerability. If commands are continuously sent to the Honda vehicle through the key, the counters in the security system will be resynchronized so that the previous command data is valid again, which can be unlocked at will in the future if recorded.

It is simply understood that someone uses a radio device to record a legitimate radio signal from the key and then transmit it to the car, so this vulnerability may cause the car to be unlocked or even started remotely. The loophole involves a number of models released from 2012 to 2022, including Honda Civic 2012, Honda X-RV 2018, Honda C-RV 2020, Honda Accord 2020 Universe 2021, Honda Odyssey 2020, Honda Yingshi 2021, Honda Feido 2022, Honda Civic 2022, Honda VE-1 2022, Honda Haoying 2022 and so on. This is because there is a loophole in the keyless entry system of some Honda cars made between 2012 and 2022.

"We have investigated similar allegations in the past and found that they lack substance," a Honda spokesman said in a statement in response to The Drive. Although we do not have enough information to determine whether the relevant vulnerability reports are credible, the keychains of the above vehicles are equipped with rolling code technology, and it is impossible to have the vulnerabilities mentioned in the report. " According to the media, when the owner uses the keyless entry system to unlock the vehicle, the old vehicle will use static codes, which are not safe because anyone can capture and re-transmit the code signal to unlock the vehicle. Based on this, manufacturers use rolling codes to improve vehicle safety.

However, one blogger, ROB STUMPF, confirmed the vulnerability through tests. ROB STUMPF said that the vulnerability could indeed unlock and start the vehicle, but the attacker could not drive the vehicle away. In response to this matter, the relevant head of Honda China responded: "We have paid attention to the relevant reports and confirmed that the loopholes pointed out in the reports, using complex tools and technologies, can indeed be simulated by remote keyless instructions. Access to vehicles. But even if it is technically feasible, this particular attack requires getting close to the vehicle and capturing the RF signal sent to the car by the wireless key several times in a row. But even if the door can be opened, the car cannot be driven away without the smart key in the car. " In addition, the official also said: "when launching new products, Honda is also committed to regularly improving the safety performance of vehicles to prevent this or similar situation from happening."

In fact, at present, many vehicles will also use the Rolling key system to unlock, unlike the above loopholes, the normal Rolling key system unlock will use an one-time signal, that is, the same signal can not be used twice, even if the hacker successfully recorded it, it will not be used again.

In response to the above security loopholes, it is not clear how Honda will solve this problem.

Welcome to subscribe to the WeChat public account "Automotive Industry Focus" to get the first-hand insider information on the automotive industry and talk about things in the automotive circle. Welcome to break the news! WeChat ID autoWechat