10th Gen Honda Civic Updates Are Signed with AOSP Test Keys
librick
183 points
28 comments
June 14, 2026
Discussion Highlights (10 comments)
librick
To update 10th-gen Honda Civics, Honda ships updates on specially-formatted USB drives. They're essentially Android 4.2.2rc1-era recovery packages with some Honda-added version checks (which can be spoofed). The packages are signed with the publicly-known AOSP test key, so with physical access to the front USB port you can sign and flash your own package for arbitrary code execution on the headunit. This doesn't require root/su. I've run it end-to-end on my own 2021 Civic and separately confirmed an official EU update file carries the AOSP test-key signature. Tooling and writeup in the post.
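The signature format librick describes is the Android whole-file (OTA) signature that SignApk appends inside the zip archive comment. The following is an added example, not code from the post or its tooling: a defender-side check that pulls the signer certificate out of such a package and compares it against an allowlist of the vendor's own release certificates, so a package carrying the public AOSP test key comes back untrusted. It assumes the standard PKCS#7 SignedData layout for the block and takes the allowlist fingerprints from the caller.

```python
import hashlib
import struct
def der_tlv(buf, pos=0):
    """Read one DER element at pos -> (tag, value_start, value_end); definite lengths only."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next (length & 0x7F) bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def der_children(buf, start, end):
    """Yield (tag, value_start, value_end) for each element packed in buf[start:end]."""
    while start < end:
        tag, vs, ve = der_tlv(buf, start)
        yield tag, vs, ve
        start = ve

def extract_signature(zip_bytes):
    """Locate the SignApk footer and return (signed_length, pkcs7_der), with RecoverySystem's sanity checks."""
    n = len(zip_bytes)
    if n < 22 or zip_bytes[n - 4:n - 2] != b"\xff\xff":
        raise ValueError("no whole-file signature footer")
    sig_start, _, comment_size = struct.unpack("<HHH", zip_bytes[n - 6:])
    if comment_size + 22 > n or not 6 <= sig_start <= comment_size:
        raise ValueError("footer offsets out of range")
    eocd = zip_bytes[n - (comment_size + 22):]
    if eocd[:4] != b"PK\x05\x06":
        raise ValueError("EOCD record not where the footer says it is")
    if eocd.find(b"PK\x05\x06", 4) != -1:       # a second EOCD hidden in the comment
        raise ValueError("spurious EOCD marker after start of EOCD")
    # SignApk signs everything except the 2-byte comment-length field and the comment.
    return n - comment_size - 2, zip_bytes[n - sig_start:n - 6]

def signer_cert_der(pkcs7):
    """Walk ContentInfo -> [0] SignedData -> [0] certificates; return the first cert's DER."""
    _, s, e = der_tlv(pkcs7)                               # ContentInfo SEQUENCE
    _, s, e = list(der_children(pkcs7, s, e))[1]           # [0] EXPLICIT content
    _, s, e = der_tlv(pkcs7, s)                            # SignedData SEQUENCE
    for tag, cs, _ in der_children(pkcs7, s, e):
        if tag == 0xA0:                                    # [0] IMPLICIT SET OF Certificate
            _, _, cert_end = der_tlv(pkcs7, cs)
            return pkcs7[cs:cert_end]
    raise ValueError("no certificate in signature block")

def check_signer(zip_bytes, trusted_sha256):
    """Return (cert_sha256, trusted); the allowlist should hold only the vendor's release cert(s)."""
    _, pkcs7 = extract_signature(zip_bytes)
    fp = hashlib.sha256(signer_cert_der(pkcs7)).hexdigest()
    return fp, fp in trusted_sha256
```

Checking the certificate is only half of what the head unit should do; the signed region returned by `extract_signature` is what the PKCS#7 signature must then be verified over.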
DANmode
EvilValet, sick
t1234s
Could you use this to get a version of LineageOS running on it?
hankbond
Seeing more and more projects eschew code docs with the idea that "well architected code can be queried by LLMs" and stick to more functional runbook style docs. It really is unlikely that at any given point all of the docs of a project are up to date with the code. I'm generally aligned with this, but it is predicated on the whole "well architected" code part.
bri3d
Hyundai head units at one point used an RSA key you got by googling “RSA key” (no joke: https://programmingwithstyle.com/posts/howihackedmycar/ ), an honestly even more amazing mistake since it required effort rather than just a default.
BobbyTables2
I’ve heard product managers proudly proclaim their firmware was signed using the corporate internal signing service (good). Of course, the question explicitly being asked (related to internal mandate) was if the firmware was signed — not if the firmware update process actually checked the signature (it certainly did not).
hnav
Wonder how good the rest of the security is. The head unit is likely hooked up to a CAN gateway; can it call into telematics? Maybe find some novel way to abuse CarPlay/AA to call home.
userbinator
IMHO this is a good sign(!?) that they didn't even think about locking down their systems against the owner.
naturalmovement
If I'm reading the room, the sentiment is Honda is incompetent and their cars are security holes on wheels. But if the opposite happened, they would be technofascists locking us out of our own cars, a 30-post sub-thread "this is why I drive a 1999 Ford Ranger" would ensue, and someone would be investigating it as a possible GPL violation. Do I have this right? It's also a good assumption most people airing such complaints have never eaten in a restaurant fancy enough to have valet parking, let alone evil valets. That said, are evil valets known to tote around USB drives, or would they more likely use your navigation system to drive back to your empty house and clean it out while you're eating?
1-6
Honda knows how to build great cars but they haven't up-skilled their software knowledge.