{"uuid": "3ec4bb33-634f-45a4-9d32-3f110b424482", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27254", "type": "seen", "source": "https://t.me/technical_private_cat/248", "content": "Hello, my Merry en \ud83d\udc2d\ud83e\udde9\n\nI want to give you the automotive vulnerability CVE-2022-27254. \ud83d\ude97\nIt affects some models of Honda and Acura cars.\n\nIn it, an attacker can gain full and unrestricted access to lock, unlock, control windows, open the trunk, and start the engine of the target vehicle.\n\nThe attack is this: the attacker intercepts radio frequency signals from your key fob, and re-sends them to gain control of the system without your car key.\n\nRead more: CVE-2022-27254 is a MitM attack or, more specifically, a replay attack in which an attacker intercepts RF signals normally sent from a remote key fob to your car,\nthen re-sends them to unlock the car at will.\nSimply capturing the signal sent from the FOB is enough to gain some control over the vehicle, lol\ud83d\ude36\u200d\ud83c\udf2b\ufe0f. 
\nIf a target locks their car, all it takes is getting their signal and saving it to be able to replay the same command and get an appropriate response from the car.\n\nHonda told us that several automakers are using outdated technology to implement remote locking and unlocking features, and therefore may be vulnerable to \"determined and very technically advanced thieves.\"\n\n\"Currently, the devices seem to work only in close proximity or are physically attached to the target vehicle, requiring local reception of radio signals from the vehicle owner's key fob when the vehicle is opened and started nearby.\"\n\nNote that in its statement, Honda explicitly mentions that it has not verified the information provided by the researchers and cannot confirm whether Honda vehicles are indeed vulnerable to this type of attack.\nAnd as you can understand, they're not too keen on fixing it. \n\nAnd that's it, be careful with your autos. \ud83d\ude98\n\nHere are some useful links to various PoCs and articles about this vulnerability\n\nThanks for reading\u2764\ufe0f\nAnd remember: The baby the Duchess is rocking is actually a piggy \ud83d\udc37\n#car  #attacks #cve #exploit #news", "creation_timestamp": "2022-10-16T14:48:40.000000Z"}