The convenience that keyless entry systems provide cannot be denied, as door cars can be unlocked and garage doors opened with just a simple press of a button. However, these systems are not entirely secure, as revealed by a security researcher at the recently concluded Def Con conference for hackers.
Samy Kamkar, in a talk at Def Con, revealed the RollJam, which is a simple but clever device that can easily defeat the keyless locks found in cars and garage doors by taking advantage of vulnerabilities found in these systems.
Alarmingly, the RollJam was built using only about $32 worth of components and has a size smaller than a mobile phone, which makes the device a perfect one for covert attacks.
RollJam was designed by Kamkar to defeat the "rolling codes" that are a widely-used kind of security implementation found in keyless entry systems. This implementation changes the system's unlock code after every attempt to unlock it. Theoretically, if a hacker would intercept a code upon transmission, the rolling code implementation ensures that the intercepted code will be useless when the hacker will use it as that code has already been used and changed.
RollJam does things a bit differently to defeat rolling codes. If a person would use a button on his key fob to unlock his car, for example, RollJam will block the incoming signal from the key fob using two radios, while a third radio captures the code. The person, seeing that something went wrong as his car was not unlocked, would press his key fob once again to try to unlock it.
Upon pressing the key fob, RollJam will block the incoming signal again and intercept a second code. The first code that was captured would then be transmitted, which the car will accept, unlocking its doors. The person will think that nothing wrong happened, but the attacker will have the second unlock code and can use it after the person has left. If RollJam is kept near the target car, the device will keep stealing codes until the attacker decides to use the code to trick the keyless entry system.
RollJam was able to unlock vehicles from several manufacturers, including Chrysler, Ford, Nissan, Toyota and Volkswagen, along with different kinds of alarm and garage door systems. Many of the companies have been made aware of the potential exploit, and have started to implement new keyless entry systems that places an expiration time on codes to be able to repel attacks by devices such as RollJam.
Kamkar's release of the details regarding the exploit could force companies to make upgrades to existing systems, as without an upgrade to hardware, the exploit can remain indefinitely in these supposedly secure systems.