$32 Hacking Device Opens Car & Garage Doors

RollJam, a contraption put together by a security researcher for less than $50 can unlock car and garage doors at will by exploiting digital keys, also known as rolling codes.

Hacker season is officially underway.

A contraption comprising of two radios, a microcontroller and a battery, all put together for less than $50 by an independent researcher can unlock vehicle doors and garage doors at will by taking advantage of a vulnerability in their keyless entry systems, Wired reports.

Samy Kamkar, the independent researcher who devised the radio device is set to reveal details of the gadget at the DefCon hacker conference in Las Vegas.

A Vulnerability the Car Industry Should Take Notice of

TypingAptly named ‘RollJam’, the devices willfully takes advantage of a vulnerability and fundamental flaw in the security protocol used by the locking mechanism in a majority of vehicle and garage doors.

“Every garage that has a wireless remote, and virtually every car that has a wireless key can be broken into,” claims Kamkar.

Here’s how RollJam works:

  • One-time authentication codes, also known as ‘rolling codes’ are quickly intercepted by RollJam when placed near a vehicle or a garage and the owner hits the button on his key.
  • These rolling codes are crucial as they’re the authentication codes transmitted between the car and the key with each lock and unlock. Significantly, there are no timeouts on these codes.
  • RollJam capably intercepts and captures the rolling code and jams the signal to ensure the car never receives it.
  • The owner will inevitably try the key again and this time, RollJam quickly transmits the first rolling key, unlocking the vehicle.
  • This automation happens so quickly that the owner is fooled into thinking that the second key-press worked whereas in actuality, RollJam has also acquired the next one-time rolling key, which a hacker can conveniently use at a later time to unlock the vehicle.

Kamakar explains:

“So when you are walking towards your car, you hit the unlock button — because it’s jammed, the car can’t hear it, however my device is also listening so my device hears your signal (and removes the jamming signal because it knows what to remove). Now I have a rolling code that your car has not yet heard.”

Vehicle security based on “rolling codes’ is used in most modern vehicles including trucks and cars’ keyless entry feature. Moreover, the same mechanism is also used in modern garage door openers, rendering millions of vehicles and garage doors vulnerable to a simple hack.

Kamkar claims he has tested the device successfully on vehicles manufactured by Nissan, Ford, Toyota, Lotus, Volkswagen, Chrysler and Cadillac vehicles.

RollJam is intended to bring attention to outdated security measures used by car manufacturers, Kamkar says.

“This is throwing the gauntlet down and saying, ‘here’s proof this is a problem,’” adds Kamkar. “My own car is fully susceptible to this attack. I don’t think that’s right when we know this is solvable.”

The technology for better security already exists, notes Kamkar. Two-factor authentication with codes that expire in seconds are already in use with consumer technology like Google Authenticator and SecurID by RSA.

Meanwhile, millions of keyless entries use security systems with codes that never expire, making your own car and garage doors (likely!) vulnerable.

Images from Shutterstock.

Ali is a freelance journalist, having 5 years of experience in web journalism and marketing. He contributes to various online publications. With a master degree, now he combines his passions for writing about internet security and technology. When he is not working, he loves traveling and playing games.