Malicious actors could exploit a flaw in Honda's remote keyless system to remotely unlock all Honda Civic models produced from 2016 to 2020, reports SecurityWeek.
The vulnerability, tracked as CVE-2022-27254, involves the sending of the same unencrypted radio frequency signal for door locking/unlocking, boot opening, and remote engine starting, which could enable threat actors to launch man-in-the-middle attacks, according to University of Massachusetts Dartmouth student Ayyappan Rajesh. Rajesh noted that the flaw is similar to CVE-2019-20626, which had already impacted several Honda vehicles.
"Honda has not verified the information reported by this researcher and cannot confirm if its vehicles are vulnerable to this type of attack. Honda has no plan to update older vehicles at this time. At this time, it appears that the devices only appear to work within close proximity or while physically attached to the target vehicle, requiring local reception of radio signals from the vehicle owner's key fob when the vehicle is opened and started nearby," said a Honda spokesperson.