2.9 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:M/Au:N/C:N/I:P/A:N
5.3 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
0.002 Low
EPSS
Percentile
51.5%
PoC for vulnerability in Honda’s Remote Keyless System(CVE-2022-27254)
For educational purposes only. Kindly note that the discoverers for this vulnerability are Ayyappan Rajesh, a student at UMass Dartmouth and HackingIntoYourHeart.
Others mentioned in this repository are credited for the support that they have provided but have played no active role in any research conducted related to this finding. If looking to publish these findings elsewhere, please refrain from associating this with any other persons, companies or institutions without any explicit approval.
This is a proof of concept for CVE-2022-27254, wherein the remote keyless system on various Honda vehicles send the same, unencrypted RF signal for each door-open, door-close, boot-open and remote start(if applicable). This allows for an attacker to eavesdrop on the request and conduct a replay attack.
• 2016-2020 Honda Civic(LX, EX, EX-L, Touring, Si, Type R)
•Key fob FCC ID: KR5V2X
•Key fob frequency: 433.215MHz
•Key fob modulation: FSK
•FCCID.io
•HackRF One
•Gqrx
•GNURadio
Manufacturers:
Consumers:
The precautions mentioned above ARE NOT foolproof
If you believe that you are a victim of this attack, the only current mitigation is to reset your key fob at the dealership.
• My professor :Prof. Hong Liu
• My mentor:Sam Curry
•My professor :Prof. Ruolin Zhou
•<https://www.youtube.com/watch?v=1RipwqJG50c>
2.9 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:M/Au:N/C:N/I:P/A:N
5.3 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
0.002 Low
EPSS
Percentile
51.5%