Certain Honda and Acura models are reportedly affected by a vulnerability known as replay attack. What this particular vulnerability does is allow a nearby hacker to unlock the affected vehicle and even start its engine.
Honda, Acura Models Affected by Replay Attack Vulnerability
Some Honda and Acura models are said to be affected by a replay attack vulnerability, according to a report by Bleeping Computer.
The report cites multiple researchers who have disclosed the vulnerability, including computer scientist Blake Berry as well as Cybereason CSO Sam Curry. Two professors from the University of Massachusetts, Hong Liu and Ruolin Zhou, have also been credited.
The replay attack vulnerability affecting these vehicles allows a nearby hacker to unlock the affected car and even wirelessly start its engine. The researchers have likewise revealed that the replay attack vulnerability is seen in older models and has largely remained unfixed.
Specifically, 2016-2020 Honda Civic (LX, EX, EX-L, Touring, Si, Type R) cars are the models that are primarily affected.
The Bleeping Computer report notes that a similar vulnerability was spotted in 2020 that likewise affected Honda and Acura models. Particularly, the affected models were:
- 2009 Acura TSX
- 2016 Honda Accord V6 Touring Sedan
- 2017 Honda HR-V (CVE-2019-20626)
- 2018 Honda Civic Hatchback
- 2020 Honda Civic LX
A similar vulnerability was also spotted earlier this year and shared on Twitter by a user with the handle @Kevin2600. You can view the tweet below:
So plus the one [CVE-2021-46145] I found a few months ago, we now have at least 3 CVEs related to Honda https://t.co/HoVahGCbtA Well done! @Honda :p
— Kevin2600 (@Kevin2600) March 24, 2022
Read Also: 2022 Honda Civic Si Price More Expensive vs. 2020 Model: Specs, Features, Reasons for Price Increase
How the Replay Attack Vulnerability Works
PCMag defines replay attack as "A breach of security in which information is stored without authorization and then retransmitted to trick the receiver into unauthorized operations such as false identification or authentication or a duplicate transaction."
In this specific case, the replay attack vulnerability has been tracked as CVE-2022-27254.
According to Bleeping Computer, "The attack consists of a threat actor capturing the RF signals sent from your key fob to the car and resending these signals to take control of your car's remote keyless entry system."
Will Honda Update Older Models?
The Bleeping Computer report also reveas that the publication has reached out to Honda regarding the vulnerability its older models have and the Japanese car maker has provided a statement.
Per the the report, the statement mentions that Honda has yet to verify the researchers' findings. Because of this, the company is unable to confirm the if their models are at risk when it comes to the replay attack vulnerability.
However, despite the potential risk, Honda has told Bleeping Computer that it "has no plan to update older vehicles at this time." Bleeping Computer's report has also noted that Honda reasoned out that car thieves can use other means in order to steal a vehicle.
Related Article: Are Tesla EVs Around the World Hacked? Teen Hacker Explains How He Gained Access To All Tesla Models
