Honda's Keyless Access Bug Could Let Thieves Remotely Unlock and Start Vehicles

A duo of researchers has released a proof-of-concept PoC demonstrating the ability for a malicious actor to remote lock, unlock, and even start Honda and Acura vehicles by means of what's called a replay attack. The attack is made possible, thanks to a vulnerability in its remote keyless system...

CVE-2022-27254

The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626...

CVE-2022-27254

The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626...

Design/Logic Flaw

The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626...

CVE-2022-27254

The CVE-2022-27254 issue concerns Honda Civic family models (notably 2016–2020 per PT-2022-18332; 2018 Civic noted in the CVE) where the remote keyless system transmits the same RF signal for door open (and related actions), enabling a replay attack. Red Hat RH entries link this to CVE-2019-20626...

CVE-2022-27254

The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626...

Exploit for Authentication Bypass by Capture-replay in Honda Civic_2018_Firmware

CVE-2022-27254 PoC for vulnerability in Honda's Remote Keyless...

Honda Civic 安全漏洞

Honda Civic is an automobile from Honda Japan. The Honda Civic 2018 model year has a security vulnerability in the remote keyless system that stems from the remote keyless system sending the same RF signal for every door open request, which allows replay attacks, related to CVE-2019-20626...

PT-2022-18332 · Honda · Honda Civic

Name of the Vulnerable Software and Affected Versions: Honda Civic versions 2016 through 2020 Description: The issue concerns a replay attack vulnerability in the remote keyless system of certain Honda vehicles, allowing unauthorized individuals to unlock doors and start the engine by interceptin...

CVE-2019-20626

The remote keyless system on Honda HR-V 2017 vehicles sends the same RF signal for each door-open request, which might allow a replay attack...

Open redirect

The remote keyless system on Honda HR-V 2017 vehicles sends the same RF signal for each door-open request, which might allow a replay attack...

CVE-2019-20626

The remote keyless system on Honda HR-V 2017 vehicles sends the same RF signal for each door-open request, which might allow a replay attack...

CVE-2019-20626

CVE-2019-20626 affects Honda/Honda HR-V 2017 remote keyless systems where the door-open request reuses the same RF signal, enabling a replay attack. The connected Red Hat entries corroborate a related issue in Honda HR-V/Civic lines and describe the underlying cause as transmitting an unencrypted...