Honda Bug Lets Hacker Unlock and Start Your Car with Replay Attack | How MTE Technology Could Fix This

UPDATE JULY 2022

As of July 11, 2022, BleepingComputer has reported that a team of security researchers has found that several modern Honda car models are vulnerable to Rolling-PWN attacks due to vulnerabilities in the rolling code system which Honda implemented to protect against replay attacks. These Rolling-PWN attacks allow hackers to unlock and even start the cars remotely. To read more about this attack, click here.

_________________________________

March 2022: BleepingComputer reported on March 25, 2022, that researchers have disclosed a ‘replay attack’ vulnerability affecting select Honda and Acura car models, that allows a nearby hacker to unlock your car and even start its engine from a short distance. The attack consists of a threat actor capturing the RF signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system. To read more about this vulnerability from BleepingComputer, click here.

What is their proposed fix?

The proposed fix is to use a rolling code system. The problem with this is there are known attacks that have shown that this method is still not secure enough because of the need to keep so many codes valid.

How could Eclypses MTE Technology solve this problem?

“MTE would secure these commands with instantly obsolete random replacement values that are unrelated to the data thwarting man-in-the-middle attacks that make this vulnerability possible,” states Aron Seader, Eclypses Senior Director of Core Engineering. With Eclypses MTE technology, hackers would not be able to manipulate or replay the packets that would perform these actions. MTE would be able to handle the lost packets with our sequencing verifier instead of leaving codes valid.

“MTE is a modern-day solution to an old problem, instead of an old solution to an old problem,” comments Joe Jeanjaquet, Eclypses Senior Director of Applied Technology.

Interested in learning more or looking at our test environment to demonstrate this? Reach out to our team today.

Contact Us