The RollJam device will break into your vehicle or garage without a trace.
Advertisement
His latest hack exploits a basic vulnerability in the auto and garage key that has been prevalent for quite a while. While the same code cannot be used twice, there’s no expiry date on when the code can be used, and this is what Rolljam takes advantage of. In that second attempt, RollJam again intercepts and stores the second code but, at the same time, replays the first intercepted code, which the door will naturally still accept. Now the hacker has access to one working wireless code that can be used any time he or she has the opportunity to, whether it be days or weeks. When a victim presses the door unlock button on their vehicle’s fob, it mysteriously won’t work on the first try, but it does on the second. When it comes to both online security and real-world security, hackers have already devised 10 new tools by the time security researchers come up with an effective way to block one old tool. Last week, he revealed a homebuilt device that can intercept signals from the OnStar smartphone app to track, unlock, and remote-start a auto connected to the app.
In Mission: Impossible Rogue Nation Tom Cruise character Ethan Hunt is using a small matchbox-sized gadget to open any door. Meanwhile, the device retains the second code it picked up so it can be used again when the hacker retrieves the device. Vehicle and garage door remotes use rolling codes to send signals to the auto or garage – each time you press the button the remote sends a different coded signal. “My own vehicle is fully susceptible to this attack”. The first code that was captured would then be transmitted, which the vehicle will accept, unlocking its doors. You can see a photo of the device over at TechInsider.
Does this mean you should go out and buy a new auto? Auto manufacturers have implemented some systems to prevent this sort of thing, but many cars on the market are vulnerable. He plans to reveal more information about the hack Friday during a talk at the hacking conference Defcon in Las Vegas.
“The problem is no one has really demonstrated it, which is amusing because the solution to this problem has been known about for more than 20 years and has been written about many times, but again no one has demonstrated it”, Kamkar said. And that’s because the RollJam uses a pair of radios to broadcast noise and temporarily block the signals from actually reaching the vehicle, while a third radio captures and records the code.
Advertisement
Kamkar explains that it’s the companies that make the keyless entry computer chips, not the automakers themselves, that have ignored this vulnerability for so long.
