Honda key fobs vulnerable to hack

If you are a long-time reader of this blog, you’ll know that while the majority of our focus is on business technology, I like to keep an eye on all technology, especially issues that can affect our quality of life and personal safety. Hondas are very popular (even here in Los Angeles where it seems like every 3rd car is a Tesla) and according to at least one statistics website, Honda accounts for between 8-9% of the U.S. car market in 2020 and 2021, and the Honda CR-V is near the top of the list of best-selling vehicles for the past several years. It’s safe to say that there are probably millions of Hondas on the road right now, and apparently any that are accessed using a key fob are vulnerable to a hack that allows attackers to unlock car doors and remotely start engines if the car has that capability.

What this means for you

If you own a Honda, you may want to give this article a read, which was based a relatively unknown vulnerability dubbed “Rolling-PWN” by the researchers/hackers that discovered it. The vulnerability is documented and published in the National Vulnerability Database run by the National Institute of Standards and Technology, which is about as official as you can get in terms of documenting vulnerabilities. Despite this, Honda has yet to confirm or even acknowledge the issue. Which also means that there is very little you can do about it other than the following:

1. Reconsider what sort of valuables you keep in your car, even if you don’t drive a Honda. This particular hack may not be limited to just Honda according to the researchers. It just happens to be the manufacturer they’ve tested and confirmed vulnerable across multiple years and models.
2. Even though they may be able to start the car, they can’t drive the car because they can’t exploit the proximity requirements of the key fob…yet. Regardless, if you park your car in a garage, make sure that it is well ventilated. Carbon monoxide kills, and some prankster might put you in real danger by leaving your car running for hours in garage with poor ventilation.
3. Perhaps write a letter to your local congress-critter (Representative and Senator) asking them to look into Honda’s seeming disregard for a significant security issue. If you are friendly with a local Honda dealership (because you own a Honda and use them for service), you could also stop in and show them the article and a link to the exploit on the official government website of vulnerabilities as well. If enough of us raise our voices, perhaps some of these big companies will take notice!