Over the last few years, automatic keyless entry systems have largely replaced traditional physical keys as the means of locking and unlocking cars and garage doors around the world. With a single push of a button, the electronic device transmits a secret code that activates or deactivates the lock, reducing manual effort.
Serial hacker Samy Kamkar has come up with a device called RollJam that is capable of unlocking any car or garage with the click of a button, making it so simple that anyone can do it. The device costs around $30 and steals the secret codes so that attackers can use them to gain unauthorized access to a car or garage.
What does the RollJam device do, and how?
The device takes advantage of the same vulnerable wireless unlocking technology that is used by many car manufacturers. It works against a variety of market-leading chips, including the KeeLoq access control system from Microchip Technology Inc. and the High Security Rolling Code generator made by National Semiconductor.
The RollJam device is capable of hacking the electronic locks of various cars from Fiat, GM, Honda, Chrysler, Daewoo, Toyota, Volvo, Clifford, Shurlok, Volkswagen Group and Jaguar. The RollJam hacking device also works against a variety of garage-door openers, including the rolling code garage door opener made by King Cobra.
A rolling code is a pseudo-randomly generated code, of the kind used by the RSA SecurID and similar two-factor authentication devices, that is sent over a radio frequency to your car when you press the key fob. The lock has a synchronized code generator that recognizes the code and then discards it so that it can never be reused. The next time the electronic key is pressed, it issues a different code. The key and the car then generate a new code for the next time, and the process repeats on every press.
The RollJam device contains two radios. The first one jams the airwaves to prevent the lock from receiving the rolling code sent by the electronic key, while the device records that code. Because the car or garage door doesn't unlock the first time, the user will almost certainly press the lock or unlock button again. Once RollJam has collected this second rolling code, it uses the second radio to broadcast the earlier rolling code to the lock, and stores the second rolling code. Because the stored code was never received by the lock, it remains valid. Later, for example after the car owner has locked the car and walked away, RollJam is able to unlock the car or garage door.
The RollJam device undermines the security of these systems because a rolling code is invalidated only after it, or a subsequent rolling code, is received.
Kamkar said that devices like the RSA SecurID, by contrast, cause validation codes to expire after a specific amount of time. Therefore, rolling codes in cars should also be associated with a period of time.
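The validation weakness and the time-based fix can be seen in a small receiver model. This is an added example, not code from Kamkar or any vendor: it uses HMAC-SHA256 as a stand-in for the fob's code generator (KeeLoq and similar chips use their own ciphers), and the key, window size, code lifetime and all names are assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed shared secret, not a real fob key
WINDOW = 16                    # assumed look-ahead window of acceptable counters
MAX_AGE = 5                    # assumed code lifetime in seconds (time-bound mode)

def fob_code(counter, sent_at=None):
    """Code the fob transmits for one press; sent_at binds it to a time."""
    msg = counter.to_bytes(4, "big")
    if sent_at is not None:
        msg += int(sent_at).to_bytes(8, "big")
    tag = hmac.new(KEY, msg, hashlib.sha256).digest()[:8]
    return counter, sent_at, tag

class Receiver:
    """Lock-side validator: counter-only by default, optionally time-bound."""
    def __init__(self, time_bound=False):
        self.last = 0              # highest counter accepted so far
        self.time_bound = time_bound

    def accept(self, code, now):
        counter, sent_at, tag = code
        if self.time_bound and sent_at is None:
            return False           # time-bound lock requires a timestamp
        expected = fob_code(counter, sent_at if self.time_bound else None)[2]
        if not hmac.compare_digest(tag, expected):
            return False           # not generated with the shared key
        if not (self.last < counter <= self.last + WINDOW):
            return False           # already used, or superseded by a later code
        if self.time_bound and not (0 <= now - sent_at <= MAX_AGE):
            return False           # expired: the mitigation described above
        self.last = counter
        return True

def scenario(time_bound):
    """Replay the article's sequence of events against one receiver."""
    rx = Receiver(time_bound)
    t = 1000
    first = fob_code(1, t if time_bound else None)       # press 1, never received
    second = fob_code(2, t + 2 if time_bound else None)  # press 2, also withheld
    opened = rx.accept(first, t + 2)            # earlier code reaches the lock
    held_code = rx.accept(second, t + 3600)     # withheld code, one hour later
    reuse = rx.accept(first, t + 3601)          # code the lock has already seen
    return opened, held_code, reuse

if __name__ == "__main__":
    print("counter-only:", scenario(False))
    print("time-bound:  ", scenario(True))
```

The counter-only receiver still accepts the withheld code an hour later because nothing it received ever invalidated it; the time-bound receiver rejects it, while both reject a code they have already seen.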
Kamkar will be presenting RollJam at the Defcon hacker convention in Las Vegas. Currently, RollJam is about the size of a wallet, but with additional effort it could be the size of a car key.