Sign in to comment!

Menu
Home

State of the Car

Hacker's RollJam device can steal your car keys, open your garage

rolljam-solo-876.jpg

 (Samy Kamkar)

Your remote car key isn’t a key. It's billions of them.

It doesn’t have just one secret code to your car. That’d be too easy for someone to electronically intercept, copy and use.

Instead, your car key uses what’s known as “rolling code.” Every time you press the button, a new, randomly generated code is sent over a radio frequency to your car, which has a synchronized code generator that recognizes it and then burns it so it can never be used again. The key and the car then create new codes for the next time around, and the process repeats.

In case the two ends get out of sync -- say your kid grabs the keys when they’re out of range and presses the button a bunch of times -- the car can recognize a few hundred future codes. When it receives one of them, it disables all the prior ones.

It’s a proven system that’s secured tens of millions of cars and remote garage door openers for years. And now it may be useless.

White-hat hacker Samy Kamkar, who last week cracked GM’s OnStar smartphone app security and demonstrated his ability to illicitly unlock and start a car over a cellular network, has developed a device made from $20 worth of parts that he calls the RollJam, which does exactly what its name implies.

Kamkar tells FoxNews.com that when someone tries to use a remote key, the device copies the code and jams the signal so the car doesn’t receive it. When the user clicks his remote again, the device sends through the original code as it captures the new one, giving the attacker a valid code to use as he pleases.

The RollJam is small, not much larger than the remotes it emulates, and can likely be further miniaturized. The only caveat is that it needs to be within range of the key’s transmission to work, but that is often more than 50 feet. It needs to be programmed for the specific security system it’s attacking, but many brands use the same suppliers and Kamkar has tried it out successfully on several. He admits there may be newer verification protocols out there that it can’t beat, but he’s yet to encounter one, and that still leaves older car and garage doors vulnerable.

Kamkar will reveal more technical details on RollJam and his OnStar exploit at the Def Con 23 hacker conference in Las Vegas. The conference will also feature a Car Hacking Village, where you can find out all the other ways your car isn’t secure.