CVE-2022-27254

Name of the Vulnerable Software and Affected Versions Honda Civic versions 2016 through 2020

Description The issue concerns a replay attack vulnerability in the remote keyless system of certain Honda vehicles, allowing unauthorized individuals to unlock doors and start the engine by intercepting and reusing the RF signal sent by the vehicle's remote keyless system. This is related to a man-in-the-middle (MitM) attack. The vulnerability can be exploited using relatively simple equipment, including a HackRF One SDR, a laptop, and specific software. It is estimated that models such as Type R, Si, EX-L, LX, Touring, and EX are affected.

Recommendations For Honda Civic versions 2016 through 2020, consider replacing the current protection system with a rolling codes system to prevent signal replay attacks. As a temporary measure, users may want to consider alternative security methods, such as using a different authentication system or keeping a closer eye on their vehicle. At the moment, there is no information about a newer version that contains a fix for this vulnerability.