On Thursday, a security researcher who goes by Kevin2600 published a technical report and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles.
Kevin2600, who works for cybersecurity firm Star-V Lab, dubbed the attack RollingPWN. []. In a phone call, Kevin2600 explained that the attack relies on a weakness that allows someone using a software defined radio-such as HackRF-to capture the code that the car owner uses to open the car, and then replay it so that the hacker can open the car as well.
In the videos, Kevin2600 and his colleagues show how the attack works by unlocking different models of Honda cars with a device connected to a laptop.
The Honda models that Kevin2600 and his colleagues tested the attack on use a so-called rolling code mechanism, which means that-in theory-every time the car owner uses the keyfob, it sends a different code to open it.
This should make it impossible to capture the code and use it again.
The researchers found that there is a flaw that allows them to roll back the codes and reuse old codes to open the car, Kevin2600 said.
