https://github.com/nonamecoder/CVE-2022-27254

nonamecoder / CVE-2022-27254 (Public)

Latest commit: nonamecoder, "Update README.md", 374f714, Mar 23, 2022
# CVE-2022-27254

PoC for vulnerability in Honda's Remote Keyless System (CVE-2022-27254)

## Disclaimer:

For educational purposes only.

## Summary:

This is a proof of concept for CVE-2022-27254, wherein the remote keyless system on various Honda vehicles sends the same, unencrypted RF signal for each door-open, door-close, boot-open and remote start (if applicable). This allows an attacker to eavesdrop on the request and conduct a replay attack.

## POC videos:

* Remote.start.sequence.mp4
* Door.unlock.sequence.mp4
* Door.lock.sequence.mp4

## Vehicles Affected:

* 2016-2020 Honda Civic (LX, EX, EX-L, Touring, Si, Type R)

## Important Notes:

* Key fob FCC ID: KR5V2X
* Key fob frequency: 433.215 MHz
* Key fob modulation: FSK

## Tools used:

* FCCID.io
* HackRF One
* Gqrx
* GNURadio

## Prevention:

* Manufacturers:
  1. Manufacturers must implement Rolling Codes, otherwise known as hopping codes. It is a security technology commonly used to provide a fresh code for each authentication of a remote keyless entry (RKE) or passive keyless entry (PKE) system.
* Consumers:
  1. Utilize a Faraday Pouch for the key fob.
  2. Use the PKE as opposed to the RKE. This makes it significantly harder for an attacker to clone/read the signal, because of the proximity they would need to be at to do so.

The precautions mentioned above ARE NOT foolproof.

If you believe that you are a victim of this attack, the only current mitigation is to reset your key fob at the dealership.

## Credits:

* HackingIntoYourHeart
* Prof. Hong Liu
* Sam Curry
* Prof. Ruolin Zhou

## References:

* https://www.youtube.com/watch?v=1RipwqJG50c
* https://attack.mitre.org/techniques/T1040/
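The rolling-code mitigation listed under Prevention, contrasted with the fixed-frame behaviour described in the Summary, as an added example (not code from this repository or from any vehicle). The frame layout, the HMAC-SHA256 tag, the key and the `WINDOW` value are assumptions chosen for illustration, not Honda's or any real fob's protocol.

```python
import hashlib
import hmac

WINDOW = 16  # assumed: how many missed button presses the receiver tolerates

def fob_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Hypothetical frame: 1-byte command, 4-byte counter, 8-byte HMAC tag."""
    body = command + counter.to_bytes(4, "big")
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]

class StaticReceiver:
    """Fixed-code behaviour from the Summary: the same frame always works."""
    def __init__(self, expected: bytes):
        self.expected = expected
    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.expected)

class RollingReceiver:
    """Accepts a frame only if its tag verifies and its counter is fresh."""
    def __init__(self, key: bytes):
        self.key, self.last = key, 0
    def accept(self, frame: bytes) -> bool:
        if len(frame) != 13:
            return False
        command, counter = frame[:1], int.from_bytes(frame[1:5], "big")
        if not hmac.compare_digest(fob_frame(self.key, counter, command), frame):
            return False  # tag mismatch: not produced with the shared key
        if not self.last < counter <= self.last + WINDOW:
            return False  # already used (replay) or too far ahead
        self.last = counter
        return True

def demo() -> dict:
    key, unlock = b"constructed-demo-key", b"\x01"  # constructed sample values
    static_frame = b"\x01constructed-fixed-code"
    static_rx, rolling_rx = StaticReceiver(static_frame), RollingReceiver(key)
    first_press = fob_frame(key, 1, unlock)
    return {
        "static_first": static_rx.accept(static_frame),
        "static_replay": static_rx.accept(static_frame),
        "rolling_first": rolling_rx.accept(first_press),
        "rolling_replay": rolling_rx.accept(first_press),
        "rolling_after_missed_presses": rolling_rx.accept(fob_frame(key, 7, unlock)),
        "rolling_bad_tag": rolling_rx.accept(unlock + (8).to_bytes(4, "big") + bytes(8)),
    }

if __name__ == "__main__":
    print(demo())
```

The window lets the receiver resynchronise after presses made out of range; a larger window is more forgiving but leaves more unused counters valid at any moment.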