Honda · Honda Accord 2020 · CVE-2021-46145
**Name of the Vulnerable Software and Affected Versions**
Honda Civic 2012
Honda X-RV 2018
Honda C-RV 2020
Honda Accord 2020
Honda Odyssey 2020
Honda Inspire 2021
Honda Fit 2022
Honda Civic 2022
Honda VE-1 2022
Honda Breeze 2022
**Description**
The keyfob subsystem in Honda vehicles allows a replay attack for unlocking, related to a non-expiring rolling code and counter resynchronization. Keyless access in modern vehicles relies on rolling codes, generated by a pseudorandom number generator algorithm so that each button press sends a unique string. A counter in the vehicle checks the chronology of the generated codes and is incremented each time a new code is received. However, researchers found that the counter in Honda vehicles resynchronizes when the vehicle receives consecutive lock/unlock commands, causing the vehicle to accept codes from a previous session that should have been deemed invalid. An attacker equipped with software-defined radio equipment can intercept a sequence of codes and replay them later to unlock the vehicle and start its engine.
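A toy model of the receiver logic described above, added here as an example and not Honda's algorithm or code from the advisory: the HMAC-based code generator, the look-ahead window of 16 and the three-frame resync threshold are all assumptions. It contrasts a receiver whose counter can be rolled back by consecutive stale frames with a hardened one whose counter only moves forward.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed secret shared by fob and vehicle
WINDOW = 16      # assumed look-ahead window of acceptable future counters
RESYNC_RUN = 3   # assumed number of consecutive frames that triggers resync

def fob_code(counter: int) -> bytes:
    """Toy rolling code: truncated HMAC of the counter (stand-in for the PRNG)."""
    return hmac.new(KEY, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]

class Receiver:
    def __init__(self, backward_resync: bool):
        self.counter = 0
        self.backward_resync = backward_resync  # True models the flaw
        self.run = []  # counters of consecutive stale frames seen so far

    def _find(self, code: bytes, lo: int, hi: int):
        """Return the counter in [lo, hi) that produces `code`, or None."""
        return next((c for c in range(lo, hi)
                     if hmac.compare_digest(code, fob_code(c))), None)

    def receive(self, code: bytes) -> bool:
        fresh = self._find(code, self.counter + 1, self.counter + 1 + WINDOW)
        if fresh is not None:          # normal case: counter only moves forward
            self.counter, self.run = fresh, []
            return True
        if not self.backward_resync:   # hardened: stale codes never change state
            return False
        stale = self._find(code, 1, self.counter + 1)
        if stale is None:
            self.run = []
            return False
        consecutive = bool(self.run) and stale == self.run[-1] + 1
        self.run = self.run + [stale] if consecutive else [stale]
        if len(self.run) >= RESYNC_RUN:  # flaw: counter rolls back to old value
            self.counter, self.run = stale, []
        return False

def simulate(backward_resync: bool):
    """Owner presses 10 times; frames 1-4 are then presented again."""
    rx = Receiver(backward_resync)
    frames = [fob_code(c) for c in range(1, 11)]
    assert all(rx.receive(f) for f in frames)
    return [rx.receive(f) for f in frames[:4]], rx.counter

if __name__ == "__main__":
    print("flawed  :", simulate(True))
    print("hardened:", simulate(False))
```

In the flawed receiver the fourth stale frame is accepted because the first three moved the counter back to 3; the hardened receiver rejects all four and its counter stays at 10.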
**Recommendations**
For Honda Civic 2012, consider disabling the keyless access feature until a patch is available.
For Honda X-RV 2018, restrict access to the keyfob subsystem to minimize the risk of exploitation.
For Honda C-RV 2020, avoid using the keyless access feature in areas with high radio interference.
For Honda Accord 2020, Honda Odyssey 2020, Honda Inspire 2021, Honda Fit 2022, Honda Civic 2022, Honda VE-1 2022, and Honda Breeze 2022, temporarily disable the keyless access feature until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.