10th Gen Honda Civic Updates Are Signed with AOSP Test Keys

Eric McDonald posts a significant update on his 10th Gen Honda Civic headunit reverse engineering project, describing a critical 'EvilValet' vulnerability. He discovered that Honda signs updates with publicly known AOSP test keys, which allows arbitrary code execution via USB updates. The detailed technical write-up also introduces new tooling for building custom firmware.

Score: 25 | Comments: 3 | Highest Rank: #1 | On Front Page: 16h | First Seen: Jun 14, 2:00 AM | Last Seen: Jun 14, 5:00 PM

The Lowdown

Eric McDonald, building on his prior research, shares an update on his reverse engineering efforts concerning the headunit of his 2021 Honda Civic. His latest findings detail the inner workings of the headunit's update process and expose a significant security flaw.

  • Exploitable Update Process: 10th Gen Honda Civic headunits accept USB updates signed with a publicly known AOSP test key. Because that key is public, anyone can sign an update the headunit will accept, so arbitrary software can be crafted and installed.
  • The 'EvilValet' Attack: Dubbed 'EvilValet,' this vulnerability permits an attacker with physical access to the car's front USB port to gain arbitrary code execution on the headunit by simply installing a custom update.
  • Open-Source Tools: McDonald has developed ota-builder to simplify the creation of custom, signed update files and apk-rebuilder to extract and organize components from official Honda updates, aiding further reverse engineering.
  • Community Contribution: The author invites technical users to contribute to mapping headunit software versions, refining a specialized ARMv7 toolchain for compilation, and exploring possibilities for custom themes and improved AIDL interface mapping.
  • LLM-Centric Documentation: McDonald advocates for generating robust tooling over extensive reference documentation, envisioning that these tools can produce digestible outputs that Large Language Models can then query for specific information, reducing maintenance overhead.

While McDonald considers his primary investigative work on the headunit largely complete, he emphasizes that the project remains active and welcomes community contributions to further explore and secure these automotive systems, given the implications of the 'EvilValet' vulnerability.