A newly-discovered “Rolling Pwn” exploit allows hackers remotely unlock and start the engine of Honda vehicles dating back to 2012. This exploit circumvents safeguards put in place by Honda, and more worryingly, the carmaker denies that “Rolling Pwn” is a genuine threat.
Rolling Pwn is a variation on the common “replay attack” system, which uses a radio receiver to intercept and record a key fob signal. When played back, this signal can unlock a car.
But several Honda models randomize their key fob signal using a “rolling code.” This prevents the same key fob signal from working twice—at least, that’s the idea. As explained by Kevin2600 and Wesley Li, the discoverers of this exploit, Rolling Pwn forces Honda cars to reset their “rolling code.” It makes the safeguard useless.
I was able to replicate the Rolling Pwn exploit using two different key captures from two different times.
— Rob Stumpf (@RobDrivesCars) July 10, 2022
Several videos now show Rolling Pwn in action. While it hasn’t been tested on every Honda vehicle, it appears to work on most models dating back to 2012. And as The Drive notes, vulnerabilities that are similar to Rolling Pwn were logged in both 2021 and early 2022.
Honda hasn’t made any attempt to warn customers of these vulnerabilities. It told security researchers that “the best way to report [Rolling Pwn] is to contact customer service,” and in a statement to The Drive, a Honda spokesperson stated, “the key fobs in the referenced vehicles are equipped with rolling code technology that would not allow the vulnerability as represented in the report.”
So, if you own a modern Honda, you may want to leave a message with its customer service. Both journalists and independent security researchers confirm that Rolling Pwn is an authentic vulnerability, but Honda denies that it exists. Honda needs to address this problem immediately, either through a recall or an OTA update.