Cars and garage doors that use wireless keys to be locked and unlocked can be hacked, a hacker explained.
During DefCon, hacker Samy Kamkar demonstrated how a $32 radio device can unlock and open a car or garage door. The worst part is that once it is opened, the hacker can use the device to open the same vehicle countless times.
The owner will suspect nothing, aside from that strange first attempt at unlocking the door which, for no conceivable reason, fails.
So how does he do it? Wireless keys on cars and doors usually use something called “rolling codes”, where a code used to unlock the door changes on each use.
But if the first key generated isn’t used, but instead fails for some strange reason, it will remain active. That’s the catch. Kamkar’s RollJam device intercepts the first signal, blocking it from ever reaching the target device. To the user, it seems as the attempt simply failed. He tries again, gets another code, opens the door, goes on about his day.
But the hacker now has the first, original code, which works. And knowing that these codes have no expiry date, the hacker can open the doors whenever he wants.
Kamkar suggest moving from a simple rolling codes system to one that adds an expiring element to the mix.
Kamkar's hack affects may car brands, including those from Nissan, Cadillac, Ford, Toyota, Lotus, Volkswagen, and Chrysler and security systems from Cobra and Viper.
Not all models are affected. For example, Cadillac's more recent models are immune, as the car maker has switched to a more up to date security system.