Replay-based attack on Honda and Acura vehicles

We discussed this vulnerability as part of our weekly podcast on 08 September 2021

The title pretty accurately describes this issue, there is little to no security implemented within Honda and Acura keys/remotes. An attacker can simply capture and then replay it at a later time to the vehicle. This includes lock/unlock commands, opening the trunk, windows, or even starting the vehicle depending on the abilities of the remote.

As far as attacks go the author admits, this is not unique. It is however rather surprising. This is not some obscure attack, vehicle manufactures have been using rolling codes for precisely this reason. Heck, even many garage door openers use a rolling code system to prevent this sort of simple replay attack.