High-tech smart cars aren’t the only ones susceptible to getting hacked. Even not-so-smart cars and garage doors that use wireless keys are fair game for both playful and malicious hackers. At DefCon, hacker Samy Kamkar demonstrated how a $32 radio device can easily obtain a wireless key’s “signature” code, which can then be replayed later to unlock that same door. And the owner will suspect nothing, aside from that strange first attempt at unlocking the door which, for no conceivable reason, fails.
Grabbing those wireless codes isn’t that hard to do. So, to enhance security, wireless keys for car doors and garages usually employ a system known as “rolling codes”. Here, a fob’s code changes on each use, and no code can ever be used twice. So even if someone did manage to eavesdrop on a code, he or she wouldn’t be able to use it anyway.
Kamkar, however, found a way around that. When a user first tries to unlock a car or garage door, RollJam, Kamkar’s device, intercepts and jams that signal, storing the code in the process. To the user, it looks like the key simply failed, so he or she tries a second time. On that second attempt, RollJam again intercepts and stores the second code but, at the same time, replays the first intercepted code, which the door will naturally still accept. Now the hacker holds one working, unused wireless code that can be used whenever the opportunity arises, whether that is days or weeks later.
Kamkar’s hack affects many car brands, including Nissan, Cadillac, Ford, Toyota, Lotus, Volkswagen, and Chrysler, as well as security systems from Cobra and Viper. Not all models, however, are affected. For example, Cadillac’s more recent models are immune, because the car maker has switched to a more up-to-date security system. And that is precisely Kamkar’s goal: to get these manufacturers to upgrade their security.
Kamkar suggests moving from a simple rolling-code system to one that adds an expiring element to the mix. For example, Keeloq, whose chips are used in almost all of these wireless key systems, has a more up-to-date Dual Keeloq feature that expires codes after a short period of time, rendering RollJam useless. Kamkar argues that if online or smartphone two-step authentication codes expire, sometimes in a matter of seconds, why should a car’s rolling codes be allowed to live forever?
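The receiver-side difference between a plain rolling code and an expiring one can be shown with a small model. This is an added example, not Kamkar's code and not the Keeloq or Dual Keeloq algorithm: HMAC-SHA256 stands in for the fob cipher, and the key, the `WINDOW` and `TTL` values, and the assumption that fob and receiver share a clock are all constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed shared secret, not a real fob key
WINDOW = 16                    # assumed look-ahead for presses made out of range
TTL = 5                        # assumed code lifetime in seconds

def _tag(counter, pressed_at):
    msg = f"{counter}|{pressed_at}".encode()
    return hmac.new(KEY, msg, hashlib.sha256).digest()

def make_code(counter, pressed_at):
    """Fob side: authenticate the counter together with the press time."""
    return counter, pressed_at, _tag(counter, pressed_at)

class Receiver:
    def __init__(self, expire_codes):
        self.last_counter = 0
        self.expire_codes = expire_codes

    def accept(self, code, now):
        counter, pressed_at, tag = code
        if not hmac.compare_digest(tag, _tag(counter, pressed_at)):
            return False  # forged or corrupted code
        if not (self.last_counter < counter <= self.last_counter + WINDOW):
            return False  # already used, or too far ahead of the receiver
        if self.expire_codes and not (0 <= now - pressed_at <= TTL):
            return False  # authentic and unused, but stale
        self.last_counter = counter
        return True

def simulate(expire_codes):
    """Two presses the receiver never hears live, delivered later instead."""
    rx = Receiver(expire_codes)
    first = make_code(1, pressed_at=0)
    second = make_code(2, pressed_at=2)
    return {
        "first_delivered_at_2s": rx.accept(first, now=2),
        "second_delivered_next_day": rx.accept(second, now=86_400),
        "second_delivered_again": rx.accept(second, now=86_401),
    }

if __name__ == "__main__":
    print("counter only :", simulate(expire_codes=False))
    print("with expiry  :", simulate(expire_codes=True))
```

With the counter check alone, the held-back second code is still accepted a day later; with the expiry check it is rejected even though it is authentic and has never been used.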