© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Honda plays down key fob bug report


A hacker claims to have uncovered an exploit in Honda’s electronic key system that would allow a threat actor permanent access to any one of its cars manufactured in the past decade – the auto giant has stopped short of denying it outright but implied that the research is false.

“Our research disclosed a rolling PWN attack vulnerability that affects all Honda vehicles currently existing in the market from 2012 to 2022,” the hacker, going by their Twitter handle of Kevin2600, claimed on the social media platform. “This weakness allows anyone [to] permanently opens [sic] the car door or even start the car engine from a long distance.”

The exploit allegedly allows a threat actor to reuse an old code to access a targeted vehicle – in violation of a “rolling” mechanism on key fobs that should in theory prevent any sequence from being used more than once.

Kevin2600 then published Honda’s rebuttal in another Twitter post, commenting: “As expected, Honda denied the bug exists. So best [of] luck to all Honda owners.”

Honda for its part said the so-called research findings were based on “past similar allegations” that “lack substance.”

“While we don’t yet have enough information to determine if this report is credible, the key fobs in the referenced vehicles are equipped with rolling-code technology that would not allow the vulnerability as represented in the report,” it said.

Commenting on the Twitter thread, one user and car owner said: “Have a newer Honda that was broken into months ago. No physical signs of a break-in and it was locked. I wonder if this was the method used.”

Honda is not the first auto giant to come under scrutiny for its cybersecurity. In May it was reported that hackers could remotely unlock Tesla vehicles by exploiting a BlueTooth vulnerability.


More from Cybernews:

Hackers can remotely unlock Tesla by exploiting a Bluetooth vulnerability

How to keep your cryptocurrency safe

Ransomware knocks out French telecom firm

Disneyland Instagram account hacked to display racist and homophobic slurs

Twitter vows legal fight as Musk pulls out of $44bn deal

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked