Demonstrating a Rollback Attack on a Honda via HackRF Portapack and an Aftermarket Security Solution

Over on YouTube "Obsessive Vehicle Security" has uploaded a video demonstrating a rollback attack against a Honda vehicle using a HackRF Portapack and the "Remote" function on the Mayhem firmware. His recent blog post also succinctly explains the various types of keyless vehicle theft used by modern thieves, including Roll-Jam, Relay Amplification and Rollback attacks. Regarding rollback attacks he explains:

A Rollback Attack works by capturing remote signals and replaying them. In theory this should not be possible with a rolling code remote system, however, a large number of vehicles are vulnerable to it. Including my 2015 Honda Vezel!

For it to work on the Honda I need to capture 5 consecutive remote signals. It does not matter if the car has seen these or not, when I replay them it re-syncs and unlocks the car. I have tested this and can replay the sequence as many times as I like. It always works.

He also mentions in the video how an aftermarket security system can partially mitigate these attacks.

In the past we also posted about Flipper Zero based rollback attacks.

Rollback Attack on Honda - HackRF One Bypasses Rolling Code Security

Tweet
Share
Reddit
Vote
Email

Related posts:

  1. Opening and Starting Honda Civic Vehicles with a HackRF Replay Attack
  2. Rolling-Pwn: Wireless rolling code security completely defeated on all Honda vehicles since 2012
  3. Opening a Parking Barrier with a HackRF Portapack and a Replay Attack
  4. Flipper Zero DarkWeb Firmware Bypasses Rolling Code Security
  5. Using a HackRF to perform a replay attack against a Jeep Patriot
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments