PoC for vulnerability in Honda's Remote Keyless System (CVE-2022-27254)
For instructional functions handiest.
This is a proof of concept for CVE-2022-27254, in which the remote keyless system on various Honda vehicles sends the same, unencrypted RF signal for each door-open, door-close, boot-open and remote start (if applicable). This allows an attacker to eavesdrop on the request and conduct a replay attack.
Demo video: remote start sequence (.mp4 attachment)
• 2016-2020 Honda Civic (LX, EX, EX-L, Touring, Si, Type R)
• Key fob FCC ID: KR5V2X
• Key fob frequency: 433.215MHz
• Key fob modulation: FSK
• FCCID.io
• HackRF One
• Gqrx
• GNURadio
- Manufacturers need to implement Rolling Codes, otherwise known as hopping code. It is a security technology commonly used to generate a new code for each authentication of a remote keyless entry (RKE) or passive keyless entry (PKE) system, so that a captured transmission is not valid a second time.
- Make use of a Faraday Pouch for the key fob.
- Use PKE rather than RKE; this would make it significantly harder for an attacker to clone/read the signal because of the proximity they would need to be at to do so.
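The following simulation is an added example, not code from this repository, to show why a static code is replayable and how the rolling-code recommendation above closes the gap. It models two receivers side by side: a fixed-code receiver that accepts the same frame every time (the behaviour the advisory describes), and a rolling-code receiver that only accepts a frame whose counter is strictly ahead of the last one it saw, within a resync window. The code derivation (truncated HMAC-SHA256 over a counter), the 8-byte frame layout, the window size and the key are all assumptions made for illustration; real RKE systems use vendor-specific constructions.

```python
"""Fixed-code vs rolling-code receiver simulation (constructed example)."""
import hashlib
import hmac

WINDOW = 16  # assumed resync window: how far ahead of the last-seen counter is accepted


def derive_code(key: bytes, counter: int) -> bytes:
    """Per-press code: truncated HMAC-SHA256 over the counter (assumed construction)."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]


class FixedCodeReceiver:
    """Models the vulnerable behaviour: one static code is valid on every press."""

    def __init__(self, static_code: bytes) -> None:
        self.static_code = static_code

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.static_code)


class RollingCodeFob:
    """Transmitter side: increments a counter and sends counter || code."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.counter = 0

    def press(self) -> bytes:
        self.counter += 1
        return self.counter.to_bytes(4, "big") + derive_code(self.key, self.counter)


class RollingCodeReceiver:
    """Receiver side: rejects any counter at or below the last accepted one."""

    def __init__(self, key: bytes, window: int = WINDOW) -> None:
        self.key = key
        self.window = window
        self.last_counter = 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 8:  # assumed frame layout: 4-byte counter || 4-byte code
            return False
        counter = int.from_bytes(frame[:4], "big")
        code = frame[4:]
        # Replayed frames carry an old counter and fail this check.
        if not (self.last_counter < counter <= self.last_counter + self.window):
            return False
        if not hmac.compare_digest(code, derive_code(self.key, counter)):
            return False
        self.last_counter = counter
        return True


def replay_demo() -> dict:
    """Run the same captured frame twice against each receiver type."""
    key = b"constructed-demo-key-not-a-real-fob"  # constructed, not a real key

    # Vulnerable: a captured copy of the static frame is accepted again.
    static_frame = b"\x5a\xa5\x0f\xf0"  # constructed static code
    fixed_rx = FixedCodeReceiver(static_frame)
    fixed_first = fixed_rx.accept(static_frame)
    fixed_replay = fixed_rx.accept(static_frame)

    # Hardened: the receiver advances its counter after the first valid frame.
    fob = RollingCodeFob(key)
    rx = RollingCodeReceiver(key)
    frame = fob.press()
    rolling_first = rx.accept(frame)
    rolling_replay = rx.accept(frame)

    # Presses the receiver did not hear (fob out of range) are tolerated within the window.
    for _ in range(5):
        fob.press()
    rolling_resync = rx.accept(fob.press())

    # Beyond the window the receiver refuses until the fob is re-paired.
    for _ in range(WINDOW + 5):
        fob.press()
    rolling_far_ahead = rx.accept(fob.press())

    return {
        "fixed_first": fixed_first,
        "fixed_replay": fixed_replay,
        "rolling_first": rolling_first,
        "rolling_replay": rolling_replay,
        "rolling_resync": rolling_resync,
        "rolling_far_ahead": rolling_far_ahead,
    }


if __name__ == "__main__":
    for name, accepted in replay_demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The resync window is the design trade-off: a wider window tolerates more unheard presses but gives an attacker who has captured several unused frames a longer period in which they remain valid, which is why a captured rolling-code frame should be treated as burned once any later counter is accepted.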
If you believe that you are a victim of this attack, the only current mitigation is to reset your key fob at the dealership.
• Prof. Hong Liu
• Prof. Ruolin Zhou