Hacker Demos $30 Gizmo That Unlocks Keyless Car, Garage Doors

Infamous security researcher Sammy Kamkar last week demonstrated a gadget that can intercept wireless signals to unlock cars and garage doors. Kamkar showed off the device, which cost him just US$32 to make, at the DefCon conference in Las Vegas.

Dubbed “RollJam,” the wallet-sized gadget works like this:

When the gizmo senses a signal from a key fob used to open a vehicle or garage door, it prevents the signal from reaching the door, while at the same time intercepting and storing the unlock code emitted by the fob.

To the person trying to open the door, it appears that the fob has failed. Typically, that will prompt the person to press the fob again. RollJam blocks that transmission, too, but at the same time sends the first intercepted code to the door.

To the person opening the door, it appears as if the second fob press opened the door. The individual remains unknowing that a hacker has captured the second code and can later use it to open the vehicle or garage.

Foiled by Fast Expiration

RollJam works with a wide array of motor vehicles — Nissan, Cadillac, Ford, Toyota, Lotus, Volkswagen and Chrysler — as well as Cobra and Viper alarm systems and Genie and Liftmaster garage door openers, according to Kamkar.

In fact, the device can compromise any hardware that uses the KeeLoq access control system from Microchip Technology, the High Security Rolling Code generator made by National Semiconductor, and Hisec chips sold by Texas Instruments.

However, newer systems — such as the Dual Keeloq system — will foil RollJam, Kamkar has acknowledged. That’s because their codes expire after a very short time, so stolen codes become stale before they can be used by an attacker.

Kamkar has built quite a reputation as a car hacker. He’s also made a $100 device called “OwnStar” that can “locate, unlock and remote-start any vehicle with OnStar RemoteLink.”

After he made that public, GM quickly closed that security gap.

Kamkar also developed OpenSesame by reprogramming a child’s pink toy to open a fixed-code garage door within seconds.

Low Risk for Most of Us

Since most vehicles don’t have the newer technology, car owners concerned about RollJam likely will resort to retro tech to protect their vehicles.

“I’m sure those people most concerned — people with something worth stealing — will take necessary precautions, like using a physical lock,” said Roger C. Lanctot, associate director of the global automotive practice for Strategy Analytics.

Most people need not worry about RollJam, though.

“I don’t want to ignore the seriousness of the security implications for high-traffic and high-security places that use this type of technology, but I don’t think that the average person needs to freak out and upgrade their garage doors,” said Adam Wosotowsky, a messaging data architect with Intel Security.

“With cars, most criminal elements are just going to break your window, unlock the door, and steal your stuff,” he told TechNewsWorld. “If you’re willing to steal from someone’s car, then you’re probably not the kind of criminal that does a lot of preplanning for your target.”

As cars become more connected, they also become more vulnerable, noted Adam Kujawa, a malware intelligence analyst with Malwarebytes.

“There are now more attacks available, and way more research being done to discover new ones, because of onboard computers and having cars that connect to the Internet,” he told TechNewsWorld.

“Anytime information is being sent from one system to another, there is a threat,” Kujawa said. “You can double that for wireless communications.”

More Connectivity Needed

On the other hand, those wireless communications also can be a means for auto makers to defeat hackers.

“Ironically, we will need connectivity to successfully defeat hacking of cars by keeping hacking defenses up to date,” Strategy Analytics’ Lanctot told TechNewsWorld.

“The auto industry has thus far failed to embrace connectivity with the same focus and intensity that it has pointed at safety systems,” he said.

“In fact, it is the safety systems — which take advantage of on-board computing — that have opened the door to hacking,” Lanctot pointed out.

“Simple steps have yet to be taken, in part because of the expense involved and the kind of monitoring required,” he added. “Car companies essentially need to monitor vehicles in the same way that Symantec and McAfee monitor computer networks.” Stealing the codes for unlocking motor vehicles and automated garage doors became easier last week.

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Hacking

TechNewsWorld Channels