The basic concept of Rolling-PWN is similar to previous attacks against Volkswagen and Tesla and other devices, where someone uses a radio device to record a legitimate radio signal from a key and then transmits it The basic concept of Rolling-PWN is similar to previous attacks on Volkswagen and Tesla and other devices, where someone uses a radio device to record a legitimate radio signal from a key and then transmits it to the car to remotely start it.
The researchers who discovered the vulnerability used relevant equipment to recreate the scenario, and the vehicles alleged to have this security flaw include Honda Civic 2012, Honda X-RV 2018, Honda C-RV 2020, Honda Accord 2020/2021, Honda Odyssey 2020, Honda Insignia 2021, Honda Fit 2022, Honda Civic 2022, Honda VE-1 2022, Honda Haoying 2022.
In response to this matter, the relevant person in charge of Honda China responded, “We have paid attention to the reports and confirmed that the vulnerabilities identified in the reports can indeed be used to gain vehicle access by simulating remote keyless commands using sophisticated tools and technical means.”
“But even if technically feasible, this particular attack requires close proximity to the vehicle and captures the RF signal sent to the car by the wireless key several times in succession, and even if the door can be opened, the smart key cannot drive away the vehicle if it is not in the car.”
The person in charge also said, “When launching new products, Honda is also committed to regularly improving the security of the vehicle to prevent such or similar situations.”
