The attack is imaginable because to a remote keyless organization vulnerability ( CVE-2022 - 27254 ) that look to touch all Honda Civic ( LX , EX , EX - L , Touring , Si , and Type R ) railcar bring out between 2016 and 2020 . The trouble is that program line to unlock / interlace door , open the rush , or lead off the locomotive engine remotely all habituate the Lapplander unencrypted radio receiver frequence ( RF ) sign , harmonise to Ayyappan Rajesh , a scholarly person at the University of Massachusetts Dartmouth . As a effect , a valet - in - the - middle aggressor may mind in on the bespeak and so apply it to establish a action replay attempt . essentially , if an attacker is near a vulnerable vehicle , they can enchant the elevator car owner ’s outside signaling to outdoors and go the vehicle wirelessly , and and so recapitulate the superposable bodily function on their possess . The problem , on the former paw , is not newfangled . In fact , researcher first off key the opening of such approach in 2017 , and in 2019 a CVE identifier was provide ( cross as CVE-2019 - 20626 ) . “ A drudge can learn totality and unlimited admission to mesh , unlock , pull strings the window , opening move the luggage compartment , and set forth the locomotive engine of the target area fomite , ” grant to one investigator . Despite the fact that CVE-2019 - 20626 has been certify to feign a motley of Honda fomite fashion model , the investigator say that the car manufacturer has extend to utilise the vulnerable applied science in output . according to the investigator , snipe can be void if exploiter do n’t utilise their RF watch guard and Honda role a “ roll codification ” organisation , in which a Modern encipher is make each clock the user conjure the fob ’s clitoris , offer a More good hallmark mechanism . “ Honda has not independently substantiate the entropy provide by this research worker and is ineffective to support whether its fomite are vulnerable to this typewrite of aggress . ” Honda consume no project to update onetime vehicle at this metre , harmonize to a Honda spokeswoman . “ At this signal , it come along that the twist alone sour in near neighbourhood or while physically connect to the place automobile , ” the spokesman submit , “ want local anesthetic reception of radio receiver signal from the vehicle proprietor ’s describe watch chain when the vehicle is spread out and lead off nearby . ” fifty-fifty if an assaulter United States this technique to remotely unlock a car ’s doorway and commence the engine , they wo n’t be capable to movement it away until “ a legitimatise central watch chain with a differentiate immobiliser break away is present in the vehicle , lour the possibility of vehicle stealing , ” consort to Honda . “ There exist no grounds that the take door lock up vulnerability has leave in the power to driving an Acura or Honda vehicle , ” the instance read .