Replay-based attack on Honda and Acura vehicles
Original Post:
We discussed this vulnerability during Episode 80 on 07 September 2021
The title pretty accurately describes this issue, there is little to no security implemented within Honda and Acura keys/remotes. An attacker can simply capture and then replay it at a later time to the vehicle. This includes lock/unlock commands, opening the trunk, windows, or even starting the vehicle depending on the abilities of the remote.
As far as attacks go the author admits, this is not unique. It is however rather surprising. This is not some obscure attack, vehicle manufactures have been using rolling codes for precisely this reason. Heck, even many garage door openers use a rolling code system to prevent this sort of simple replay attack.