This is a widely known Honda vulnerability. It is using what is called the Rolling PWN hack. I can demonstrate this on my little HACK-RF SDR... and the Flipper is just a mini version of that. It's been known for a while; Honda cannot fix easily and can only move forward with different solution as I understand.

 

This is total BS that Honda won’t fix this! $45,000 truck that won’t lock? 🤷‍♂️

 

Hey, they do the same thing with garage door openers. Potentially much more dangerous to family and to sellable items and cash…

 

Cars have always only been locked to the law abiding. Coat hangers, slim jims, bricks...never been all that hard to get into a vehicle.

No doubt modern keyless entry systems allow thieves who have some level of sophistication to enter with zero noise or fuss. Prior methods would at least require some risk of being caught.
Devices like these make it easy peasy. That's "progress" for you.

Can I go back to a good old fashioned key?

 

True. It used to be too easy. I could unlock practically any 80s chevy sedan with a school ruler. Came in handy when I locked my keys in the car. The coworker who showed me MAY HAVE BEEN a little shady.

 

It's not limited to only Honda. Others use rolling codes, including some garage doors. The person needs to actively target the victims' vehicle "while" they are using the fob capture process. And then the captured codes will eventually expire if they are not used within a given cycle period of usage.

I was just going to mention part of what @Jelly donut was saying.... Simple slim Jims are faster on many cars.

As said earlier, if a thief wants it, there will be brute force... I'm not worried about it, just a hack tool and we all know the Cat sometimes has the advantage and the Mouse at other times does.

 

So I have to press lock or unlock with them nearby? Or it can just scan the key being near?

 

It's a "Man in the middle" attack... You need to unlock it once while the thief is lurking somewhere with a Flipper that will record that action. Pretend the flipper is a tape recorder and it can hear the key fob.

After you lock and leave, the thief then plays back the code to unlock (replay hack). Honda changes codes each time you lock/unlock, but to eliminate error it still allows a certain number of old codes to work... that is the vulnerability.

 

Place your key in a lead lined case. My neighbor has a Mercedes and I told him that he could open the car and start it because he kept the key close to the car inside. Now you cannot drive far but it can be opened. So he got a lead lined box and keeps the keys there now.

 

This hack is a bit different. And doesn't have anything to do with STARTING the vehicle if the keyfob is past 6-10ft of the vehicle.

Typical use is to unlock with the recorded code-set... then the thief will have another device (usually a laptop) to plug into the OBDII port and take control of the vehicle or use a programmer to code a new key.

 

Interesting, so if I pop out the key from my fob and leave the fob at home and just use the key I should be fine?

 

Interesting, so if I pop out the key from my fob and leave the fob at home and just use the key I should be fine?

You wouldn't be able to start your vehicle though. But that said, if you did only use the physical key, I think you could avoid that.

 

That's what insurance is for. A Toyota fob can be put into sleep mode otherwise its always transmitting but that doesn't matter anymore as they now go through some cam bus or whatever they call it. Basically, there's some type of module behind the headlight and they're in within a minute or two and they drive off. We should have all kept our "clubs" from the 2000's.

For Hondas I've seen videos where they are gone in seconds after some sort of OBD hookup. A physical barrier is probably enough to make today's tech thieves pass but if they want it they'll take it. I wouldn't think a Ridgeline or its parts are high up on the priority list.

 

Some of you all are a little too paranoid.

 

It’s rampant in California, 17 cars on the street my dad parked on got hit. And it’s a nice neighborhood.

 

What you could do to prevent this is to take the battery out of the FOB. Then just use the key to open the door. Then put the dead fob directly in front of the push button. No RF used or needed for that method.

 

Why should innocent people have to change their lives because of some low-life scumbags? I have no patience for criminals, blue or white collared.

 

Agree but if you wanted to avoid the problems in an area known to be a problem it is a solution.

 

Those Flipper Zeros are expensive now that they're banned. No one in the bad hoods can afford them.

 

How many here have had their Ridgeline stolen, or have had any car of theirs stolen?
Bill

 

You could simply ask another statistically low security question?

• How many have had their identity stolen?
• How many have had their home broken into?

I've had an attempt on my 2004 Accord back in the day. But hey... could be worse, you could own a Silverado (below chart). That said, the statistics for those two Hondas mean 8 out of 100 of those combined Honda owners probably did... so ask the question in the Accord or Civic forum, you will probably get a hit. But Honda doesn't roll out nearly as many Ridgelines, so the odds are probably pretty low for the truck, I imagine.

 

Sometimes it is good to drive an old piece of junk. Don't remember the last time I even locked the doors on my 92 S-10. Crooks will always be at least 2 steps ahead of anything that can be done to prevent theft.

 

I once had a car alarm that had a toggle switch (hidden under the dash) that killed the ignition, or you could let it drive a few hundred yards before it killed the ignition. I bought the alarm from Sams Club back in the mid-90s for $58, installed it myself and got a $65 discount on my insurance.

I never had one of those clubs that goes on the steering wheel, but have the Kryptonite version of it. Kryptonite looked at all the ways thieves were defeating the Club and designed theirs to eliminate those issues. I still have that thing out in the garage.

I understand you can break into newer F150s through the taillight...

The only thieves that would want to steal a Ridgeline are those who want to outrun the cops on icy/snowy roads.

 

So what about not using the fob and instead pushing the button on the handle to lock and pulling the handle to unlock (i.e. not pushing buttons on the remote at all?) There is no remote transmission in that interchange and no vulnerability, correct?? Or am I missing someting?

 

This is what I am going to do but you can’t have the fob with you at all, they can read the code as soon as you are nearby, this is why you can open the door when you stand next to the truck.

 

Last summer some thieves hit a bunch of cars in my parking lot at around 7:30pm. I was teaching a class in my studio, and the gymnastics place down the row from my shop had a bunch of cars there, too. They mostly checked for unlocked doors, but they also smashed a few windows to grab purses or other valuable items that were left in view in locked cars. I'm not really worried abut the key fob. If they want in, they'll get in.

 

Drive a gen 1?

 

Honda needs a recall and to fix this period! They did crappy engineering that is now a safety issue, imagine kids left in the car when mom ran into the store? Not safe!

 

Yes this!!!! Those poor children could be kidnapped!!!

 

Any car that ever had a key fob that could remotely lock or unlock the car have been vulnerable to this, the devices used to just cost so much that only the government used them. Us radio geeks have known this for years. This is why I wait til I'm standing by the truck and can grab the handle to unlock it rather than pushing the button. I used to just use the key in the door. If it needs locking, I push the lock button on the door before I close it. Your only real defense against this sort of attack is just not to transmit. It's easy enough to do with your car, it's different with your garage door unless you park, go in side, push the button, pull the car in, etc - Honda isn't at fault here, the people who make the flipper aren't at fault here, the people who use one this way are at fault.

 

Your method of accessing and locking the vehicle is exactly what I do with my RL (and Venza) - there is no need to access the fob to lock the vehicle upon exiting. I have always just pushed the lock button on the door when getting out which is just affective (and easier) that getting the fob out of my pocket to do so. To me, the purpose of the fob is to expedite entry/exit and start the vehicle w/o a key which the fob is to a certain extent. I put the RL fob in my pocket, and it stays there until I arrive home and take it out. When I drive the Venza I only take the fob out to open the hatch when approaching the vehicle to load the bulky loot I bought.

 

Once again, locks, immobilizer systems, etc are to keep honest people from temptation; I've seen all kinds of zany anti-theft schemes used by my classic car buddies including kill switches, GPS trackers, etc.. A crafty thief can get around all of them.

There are hand held $500 "jammers" now you can get online to block LoJack, 5G, GPS signals - basically any RF transmitter.

Not gonna stay up nights worrying about a heavily insured modern car.

 

The only time the fob comes out of my pocket is when i remote-start the vehicle, or change pants.

If i have a phone in the same pocket, the fob range is really reduced. I often have to take the phone out of the pocket in order for the door to unlock. Could be a good theft deterrent....

 

For this reason we put our vehicles keys in a faraday box at home or use a faraday mini pouch when going out (groceries, mall, etc).
Isn't a problem in our area but you never know who is following you. Especially when you drive nice vehicles.
They just need to be close to clone your keyfob signal. Lots of videos out there of security cameras showing how quickly they can do it.

Amazon has plenty of them.
Once inside the faraday box/pouch the car can't see the signal. Is like you turn off the fob.

 

Good to know, but for me, I don't sweat it much, that's what insurance is for. I would be different if I had a classic or heavily-modified vehicle, but I can easily replace my Outback and Ridgeline. I live, play, and work in areas where there's little auto theft (except for a few "bad neighborhoods" where the inhabitants swipe each other's crap boxes). We DO have a good number of opportunistic property thefts from unlocked vehicles, though, so I never leave anything of value in sight. And catalytic converters of course, which there is no great way to defend against, though I've considered throwing a fake rubber snake or rat under there at night. LOL.

 

I have heard of this and being that my truck is parked outside I chose to get a faraday sleeve from Slnt. I verified it does block the signal so there is no signal to interrupt and steal. Pretty easy 20 bucks for a good piece of mind

 

I think there are misconceptions here and many folks are believing the fob transmits at all times (continuously)... and keeping in a shielded case helps. It doesn't.

If you are talking about just keeping the fob from being detectible from 6ft-10ft from your vehicle so auto-unlock doesn't open. I would imagine you're good without the faraday sleeve. It would never penetrate a wall from the home to allow it to be opened (and I would hope you would be past that 6ft-10ft range).

If you are speaking of putting it into a faraday sleeve for normal use as you try to operate your vehicle, that will never work, it needs to detect the fob to unlock (unless you use your key) but it needs it to start.