Hackers Remotely Start, Unlock Honda Civics With $300 Tech
An Anonymous Coward writes:
https://www.theregister.com/2022/03/25/honda_civic_hack/
Any models made between 2016 and 2020 can have key fob codes sniffed and re-transmitted
"If you're driving a Honda Civic manufactured between 2016 and 2020, this newly reported key fob hijack should start your worry engine.
Keyless entry exploits are nothing new. Anyone armed with the right equipment can sniff out a lock or unlock code and retransmit it. This particular issue with some Honda vehicles is just the latest demonstration that auto manufacturers haven't adapted their technology to keep up with known threats.
This security weakness, tagged CVE-2022-27254, was discovered by Ayyappan Rajesh, a student at University of Massachusetts Dartmouth, and someone with the handle HackingIntoYourHeart. Their research indicated that Honda Civic LX, EX, EX-L, Touring, Si, and Type R vehicles manufactured between 2016 and 2020 all have this vulnerability.
According to the duo, who thanked professors Hong Liu and Ruolin Zhou and mentor Sam Curry, "various Honda vehicles send the same, unencrypted RF signal for each door-open, door-close, boot-open and remote start. This allows for an attacker to eavesdrop on the request and conduct a replay attack.""
[...] The CVE page for this vulnerability makes mention of another, CVE-2019-20626, the same vulnerability found in 2017 Honda HR-V vehicles, which Paraguayan security researcher Victor Casares demonstrated in a 2019 Medium post.
Read more of this story at SoylentNews.