Hi Guys,
Researchers Blake Berry and Ayyappan Rajesh have uncovered a security vulnerability in some Honda and Acura cars that, if exploited, will allow a hacker to do the following:
- Start the engine
- Lock the vehicle
- Unlock the vehicle
- Control the windows
- Open the trunk
How does the attack work:
- When using your keyless entry fob, it transmits authentication information to your car to open it. As you walk towards your car, your fob sends a message to the car that says, “Hey, it’s me; open up.” This signal is sent via unencrypted radio frequency (433.215MHz)
- Because this signal is not encrypted, a hacker can intercept the signal between the fob and the car so that they can replay the signal at a time that suits them. It is called a man-in-the-middle attack.
- Now that they have your signal, they gain access to the car and do everything listed above.
- In theory, they could also walk up to your front door with a simple device and grab your fob signal from inside your house. They could also ‘war drive’ around a neighborhood, collecting signals.
Note: Honda says that the hacker has to be in close proximity to the car to execute this attack, but the attack surface can be extended via mobile networks and range extenders to allow the attacker to be based anywhere.
The following vehicles are vulnerable to this type of attack:
- 2009 Acura TSX
- Honda Civic 2012
- 2016 Honda Accord V6 Touring Sedan
- 2017 Honda HR-V
- 2018 Honda Civic Hatchback
- 2020 Honda Civic LX
How do you stay safe:
Honda has said that they will not be able to fix this, so your options are limited. The best way to stay protected is to do the following:
- If you can, stop using the keyless entry device for your car.
- If you cannot stop using it, keep it stored in a faraday cage to block any signals. See the tip below on making your own faraday sage using aluminum foil and some plastic. Note: This will not protect you when you are using the fob as you will need to take it out of the cage to use it, but at least you will be protected when your car is not in use.
- Also, take your keyless entry fob to your local Honda dealer and have it reset regularly. If a hacker has captured your fob’s signal, a reset will stop them in their tracks. While you are there, ask them why they are not fixing this issue. If many Honda owners kick up a stink about this problem, Honda will have to fix it or provide you with a workaround solution or even some form of compensation.
Let me know if you need any more information about this or help with anything.
All the best,
Max Roberts,
Incognito Privacy Care Team