Security researchers have found a solution to remotely unlock and begin all kinds of Honda automobiles utilizing an exploit that targets the automobiles’ key fobs. Honda has tried to brush apart the claims, however the hack seems to be fairly simply reproducible. Even a reporter from The Drive managed to test out the exploit and efficiently hacked his personal automobile. Researchers say there’s no solution to guard towards the hack and no solution to decide if it occurred to you.

The assault, which has been dubbed “Rolling Pwn,” targets a bug in Honda’s distant keyless entry system, exploiting the best way automobiles transmit authentication codes between the automobile and the important thing fob. Using simply purchasable {hardware}, the researchers had been capable of digitally eavesdrop on and seize these codes, then redeploy them at will. This allowed them to simply unlock and begin vehicles affected by the vulnerability, which included fashions from way back to 2012 and as latest as 2022.

Quite disturbingly, there doesn’t seem like any repair for this situation. A Common Vulnerabilities and Exposures (CVE) log has been entered, nevertheless it doesn’t checklist a patch. Even worse, the researchers write that there’s no solution to inform whether or not somebody has focused your automobile with the exploit, because the “exploitation does not leave any traces in traditional log files.” In different phrases, somebody may execute the exploit, rifle by means of your automobile, take it for a spin, park it the place you left it, and, until you caught them, you’ll don’t have any means of figuring out that something occurred apart from a suspiciously low gasoline tank.

The situation was found by a pseudonymous researcher who goes by “Kevin2600,” and his analysis companion, Wesley Li. The analysis extremely resembles—however differs barely—from risk analysis on an identical Honda vulnerability that was discovered in March. The “Rolling Pwn” researchers write:

“The goal of our research was to evaluate the resistance of a modern-day RKE [remote keyless entry] system. Our research disclosed a Rolling-PWN attack vulnerability affecting all Honda vehicles currently existing on the market (From the Year 2012 up to the Year 2022),” the researchers wrote. “This weakness allows anyone to permanently open the car door or even start the car engine from a long distance.”

The analysis identifies the next fashions as being susceptible to the exploit: 2012 Honda Civic, 2018 Honda X-RV, 2020 Honda C-RV, 2020 Honda Accord, 2021 Honda Accord, 2020 Honda Odyssey, 2021 Honda Inspire, 2022 Honda Fit, 2022 Honda Civic, 2022 Honda VE-1, 2022 Honda Breeze. However, different automobiles apart from Honda may be affected, researchers write.

Rob Stumpf, of The Drive, examined out the exploit for himself and shared a video of the hijacked automobile beginning up:

Unfortunately, Honda doesn’t seem like taking the analysis too critically. Kevin2600 says that he reached out to Honda in regards to the vulnerability he was instructed to contact customer support. When Vice News reached out, the corporate apparently despatched them an announcement claiming that the analysis was “old news.” An organization spokesperson instructed the outlet:

“We’ve looked into past similar allegations and found them to lack substance. While we don’t yet have enough information to determine if this report is credible, the key fobs in the referenced vehicles are equipped with rolling code technology that would not allow the vulnerability as represented in the report. In addition, the videos offered as evidence of the absence of rolling code do not include sufficient evidence to support the claims…”

“As expected Honda denied the bug exists. So best luck to all Honda owners :P,” the researcher tweeted, following the publication of Vice’s story.

Gizmodo additionally reached out to Honda for remark and can replace this story if it responds.