If you’ve been on the internet lately, you’ve likely seen the storm of news about Samy Kamkar’s device that can intercept and store keyless entry codes for cars and garages. Built for under $50 using a Teensy 3.1 and a couple of radios, the “RollJam” device is said to allow its user unfettered access to your automobile or garage, via stolen electronic codes.
The concept is fairly simple. The device tricks you into giving it a functional code for your car or garage by making it appear as though the first click of the remote simply didn’t work. By then clicking again, you’re giving it two functional codes. It can then sacrifice one code to unlock your car and keep you from thinking about the fact that you were just hacked.
Here’s a breakdown of how it works.
If you want more detailed information on how exactly he’s doing these things, you can download his presentation slides from Defcon (21 MB). So far, he has not released the code to his GitHub account.
Is it real?
Samy Kamkar has a history of publishing very interesting security projects. Probably best known for the Myspace worm which made him the most popular person on Myspace, he has also released plans for hacking older garage doors that use fixed codes, as you can see in the video below.
Should you be worried?
The jam/capture then jam/broadcast method of RollJam was proven to be functional last year by Spencer Whyte, though Whyte’s version required a laptop as part of the process. RollJam hardware can fit into a much smaller box.
Theoretically, people could start making these as soon as the code starts to circulate. The hardware appears to be pretty simple and doesn’t cost much. The ability to copy and paste code onto a Teensy 3.1 microcontroller and have a functional device could make this a common hack in the near term.
As Kamkar points out, an update to how the rolling codes work in cars could be a quick fix to the vulnerability. However, most cars don’t have over-the-air update capabilities, so a generation of cars on the road now could be vulnerable to this hack, if the complete system is released. Car manufacturers might have to update millions of cars to guard against it.
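
To make the weakness and the kind of fix mentioned above concrete, here is an added example (not Kamkar's code and not any manufacturer's scheme): a toy receiver that accepts any unused code inside a look-ahead window, next to a variant that also rejects codes older than a few seconds. The key, `WINDOW`, `MAX_AGE` and the timestamped code format are assumptions made for the illustration; the page does not say what form the update would take.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample secret shared by fob and car
WINDOW = 16                    # hypothetical look-ahead for presses the car missed
MAX_AGE = 30                   # hypothetical code lifetime in seconds

def _tag(counter, sent):
    return hmac.new(KEY, f"{counter}:{sent}".encode(), hashlib.sha256).hexdigest()

def fob_code(counter, now):
    """Code sent on a button press: counter, send time, MAC over both."""
    return (counter, now, _tag(counter, now))

class Receiver:
    def __init__(self, expire=False):
        self.last = 0          # highest counter accepted so far
        self.expire = expire   # True = also enforce MAX_AGE (assumed mitigation)

    def accept(self, code, now):
        counter, sent, tag = code
        if not hmac.compare_digest(tag, _tag(counter, sent)):
            return False       # forged or corrupted
        if not self.last < counter <= self.last + WINDOW:
            return False       # already used, or too far ahead
        if self.expire and now - sent > MAX_AGE:
            return False       # valid counter, but the code is stale
        self.last = counter
        return True

def scenario(expire):
    """Car never hears two presses; the first is delivered late, the second is held."""
    rx = Receiver(expire)
    c1 = fob_code(1, now=0)
    c2 = fob_code(2, now=5)
    return {
        "first_code_delivered": rx.accept(c1, now=6),
        "first_code_again": rx.accept(c1, now=7),
        "held_code_next_day": rx.accept(c2, now=86400),
    }

if __name__ == "__main__":
    print("counter only :", scenario(expire=False))
    print("with expiry  :", scenario(expire=True))
```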