Hackers have uncovered ways to unlock and start nearly all modern Honda-branded vehicles by wirelessly stealing codes from an owner's key fob. Dubbed "Rolling Pwn," the attack allows any individual to "eavesdrop" on a remote key fob from nearly 100 feet away and reuse them later to unlock or start a vehicle in the future without owner's knowledge.

Despite Honda's dispute that the technology in its key fobs "would not allow the vulnerability," The Drive has independently confirmed the validity of the attack with its own demonstration.
Older vehicles used static codes for keyless entry. These static codes are inherently vulnerable, as any individual can capture and replay them at will to lock and unlock a vehicle. Manufacturers later introduced rolling codes to improve vehicle security. Rolling codes work by using a Pseudorandom Number Generator (PRNG). When a lock or unlock button is pressed on a paired key fob, the fob sends a unique code wirelessly to the vehicle encapsulated within the message. The vehicle then checks the code sent to it against its internal database of valid PRNG-generated codes, and if the code is valid, the car grants the request to lock, unlock, or start the vehicle.

The database contains several allowed codes, as a key fob may not be in range of a vehicle when a button is pressed and may transmit a different code than what the vehicle is expecting to be next chronologically. This series of codes is also known as a "window," When a vehicle receives a newer code, it typically invalidates all previous codes to protect against replay attacks.

This attack works by eavesdropping on a paired keyfob and capturing several codes sent by the fob. The attacker can later replay a sequence of valid codes and re-sync the PRNG. This allows the attacker to re-use older codes that would normally be invalid, even months after the codes have been captured.

A similar vulnerability was discovered late last year and added to the Common Vulnerabilities and Exposures database (CVE-2021-46145), and again this year for other Honda-branded vehicles (CVE-2022-27254). However, Honda has yet to address the issue publicly, or with any of the security researchers who have reported it. In fact, when the security researchers responsible for the latest vulnerability reached out to Honda to disclose the bug, they said they were instead told to call customer service rather than submit a bug report through an official channel.

Despite being able to start and unlock the car, the vulnerability doesn't allow the attacker to actually drive off with the vehicle due to the proximity functionality of the key fob. However, the fact that a bad actor can get this far is already a bad sign.

At this time, the following vehicles may be affected by the vulnerability:

2012 Honda Civic
2018 Honda X-RV
2020 Honda C-RV
2020 Honda Accord
2021 Honda Accord
2020 Honda Odyssey
2021 Honda Inspire
2022 Honda Fit
2022 Honda Civic
2022 Honda VE-1
2022 Honda Breeze

https://www.thedrive.com/news/i-tried-the-honda-keyfob-hack-on-my-own-car-it-totally-worked

VictoryTeam12:
I have Sure and Reliable 2 ODDS for payment after winning

The games are 100% Trusted and Reliable.

No chance to lose and you aren’t going to regret staking high.

Add me up with my WhatsApp link below

https:///message/FK5CEPKE253WK1

You be fool

This is one of the disadvantages of technology there is always a bad egg that will prove you wrong and how dumb tech can be.