Security expert Samy Kamkar has revealed his RollJam device which can beat the security system commonly used on cars, garage doors, and some home security systems. The device is tiny, smaller than a cellphone, and is intended to be hidden near the car or garage that is being targeted. In the past, code grabbing devices were designed which could intercept the codes that were used to open cars and garages. To combat this development, most cars and garages now use a rolling code system, where a different code is used each time. Kamkar is not the first person to discover the method for beating rolling codes, Spencer Whyte developed a similar device last year. However, RollJam is designed to better automate this attack, and does not need to be plugged into a laptop like Whyte’s device.
The way rolling codes work is that both the device that is locked, like a car or a garage, and the device to unlock it are equipped with identical pseudo-random number generators. Every time the user tries to unlock the door, the key will generate and transmit a new pseudo-random code. The receiver tests this code against what it thinks the next generated code should be, often times testing against the next several codes in sequence to deal with the possibility of a missed transmission.
The first time the user tries to unlock their door, RollJam sends out noise on common frequencies used by cars and garage door openers to block the signal. While at the same time intercepting the code with a radio more fine tuned to pick it up than the intended receiver. When the button press fails to unlock the door, a user is likely to press it a second time. RollJam will again send out noise to block the signal, and record the second code, but it will also then send out the first code and unlock the door. A person is unlikely to be worried if the door opens on the second key press, but RollJam can continue this process again and again so that it always has the next code in sequence. A malicious individual can then use this code to break into the car or garage at some point in the future.
Kamkar has tested his device on Nissan, Cadillac, Ford, Toyota, Lotus, Volkswagen, and Chrysler vehicles; Cobra and Viper alarm systems; and Genie and Liftmaster garage door openers and found them all to be vulnerable to this attack. Kamkar has made this exploit public in the hopes of getting car and garage door companies to update their security. Kamkar is expected to release the code for RollJame on GitHub in the near future.
At least one company claims to have made changes to address this problem. Although most of the companies listed above declined to comment when questioned by Wired, Cadillac responded that this attack is well known to them as a security threat. Cadillac states that only older models are vulnerable to this attack and newer models use a new system. Kamkar confirmed that chips used in new Cadillacs are able to thwart his attack by using a system of codes that expire after short periods of time. Hopefully the remaining companies will be quick to upgrade their security now that they know this problem exists.
Are you worried about the security of your car or garage? Leave your comments below.