"Hackers Can Unlock Honda Cars Remotely in Rolling-PWN Attacks"

A group of security researchers discovered that several modern Honda vehicle models have a vulnerable rolling code mechanism that allows remote unlocking and engine starting. The vulnerability, called Rolling-PWN, enables replay attacks in which a threat actor intercepts the codes from the keyfob to the car and uses them to unlock or start the vehicle. To ensure that unique strings are used each time the keyfob button is pressed, modern cars use rolling codes generated by a Pseudorandom Number Generator (PRNG) algorithm. The rolling code mechanism was implemented to prevent fixed code flaws from enabling man-in-the-middle (MITM) replay attacks. Vehicles have a counter that checks the sequence of generated codes, increasing the count when a new code is received. Non-chronological codes are accepted, however, to cover situations such as accidental keyfob presses or when the vehicle is out of range. Researchers Kevin2600 and Wesley Li discovered that when the car vehicle receives lock/unlock commands in a sequential sequence, the counter in Honda vehicles is resynchronized, which causes the car to accept codes that should have been invalidated from a previous session. An attacker armed with Software-Defined Radio (SDR) equipment could record a series of codes and replay them later to unlock the vehicle and start its engine. This article continues to discuss the Rolling-PWN vulnerability and Honda's response to this discovery. 

Bleeping Computer reports "Hackers Can Unlock Honda Cars Remotely in Rolling-PWN Attacks"