We have talked a lot about car hacking.
Recently, researchers even demonstrated how hackers can remotely hijack a Jeep Cherokee to control its steering, brakes and transmission.
Now, researchers have discovered another type of car hack that can be used to unlock almost every car or garage door.
It takes only two radios, a microcontroller and a battery, costing barely under $30, to build what's called RollJam, a device capable of unlocking any car or garage at the click of a button, making car hacking so simple that anyone can do it.
The recent hack takes advantage of the same vulnerable wireless unlocking technology that is used by the majority of car manufacturers.
These wireless unlocking systems are keyless entry systems that let the car owner unlock the car remotely, for example from his workplace, just by pressing a button (within a range of 20 metres).
What Does RollJam Do, and How?
RollJam steals the secret codes, called rolling codes, that are generated every time you press the unlock or lock button on your wireless key and that expire once they are used, according to Samy Kamkar, the white hat hacker behind RollJam.
The rolling code is basically a pseudo-randomly generated code that is sent over a radio frequency to your car when you press the key fob. The lock has a synchronized code generator that recognizes it and then destroys it so it can never be reused.
The key and the car then generate a new code for the next time around, and the process repeats.
However, when a person presses the key fob to unlock his or her car, RollJam uses its radios in such a way that it first jams or blocks the signal and then covertly records it, forcing the car owner to press the button again.
Now, when the button is pressed the second time, RollJam again jams the signal and records that second code, but also takes the opportunity to replay the first code it intercepted, unlocking the car.
So, when the victim parks the car, that stolen signal can be used to unlock it. "Because I jammed two signals," Kamkar said, "I still have one that I can use in the future."
RollJam has been tested on several makes of cars, and all were found vulnerable.
During successful tests, Kamkar found that RollJam works against a range of market-leading chips, including the High-Security Rolling Code Generator made by National Semiconductor and the KeeLoq access control system from Microchip Technology.
The $30 device was successful in unlocking electronic locks on cars, including Chrysler, Fiat, Honda, Toyota, Daewoo, GM, Volvo, Volkswagen Group, Clifford, Shurlok, and Jaguar.
Moreover, RollJam also works against some garage-door openers, including the Rolling Code Garage Door Opener manufactured by King Cobra.
RollJam undermines this security because a rolling code is invalidated only after it, or a subsequent rolling code, is received.
Devices like the RSA SecurID, by contrast, cause validation codes to expire after a specific amount of time. Therefore, rolling codes in cars should also be tied to a period of time, the researcher said.
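The difference between counter-only invalidation and a time-bound code can be modelled on the receiver side. This is an added sketch, not code from Kamkar or any vendor: HMAC-SHA256 stands in for the real rolling-code cipher, and the key, acceptance window, 30-second lifetime and a clock inside the fob are all assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed shared secret between fob and lock
WINDOW = 16                    # assumed: counters ahead of last-seen that the lock accepts
MAX_AGE = 30                   # assumed: seconds a time-bound code stays valid


def _mac(*parts):
    msg = b"|".join(str(p).encode() for p in parts)
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()[:16]


def fob_code(counter, stamp=None):
    """Code the fob emits; the time-bound variant also authenticates a timestamp."""
    tag = _mac(counter) if stamp is None else _mac(counter, stamp)
    return (counter, stamp, tag)


class Receiver:
    def __init__(self, time_bound):
        self.time_bound = time_bound
        self.last = 0  # highest counter accepted so far

    def accept(self, code, now):
        counter, stamp, tag = code
        # Counter rule: a code dies only once it, or a later one, has been received.
        if not (self.last < counter <= self.last + WINDOW):
            return False
        if self.time_bound:
            # Time rule: the code also dies on its own after MAX_AGE seconds.
            if stamp is None or abs(now - stamp) > MAX_AGE:
                return False
            expected = _mac(counter, stamp)
        else:
            expected = _mac(counter)
        if not hmac.compare_digest(tag, expected):
            return False
        self.last = counter
        return True


def withheld_code_outcome(time_bound, delay=3600):
    """Code 1 reaches the lock; code 2 never does and is presented `delay` seconds later."""
    rx, t0 = Receiver(time_bound), 1000  # constructed timeline
    c1 = fob_code(1, t0 if time_bound else None)
    c2 = fob_code(2, t0 + 5 if time_bound else None)
    return rx.accept(c1, t0 + 5), rx.accept(c2, t0 + 5 + delay)
```

With the counter rule alone, the withheld second code is still accepted an hour later; with the timestamp bound into the code it is rejected, although it would still pass if presented inside the `MAX_AGE` window.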
Another way to mitigate hacks like RollJam is using a unique chip for every different car. Kamkar plans to present his creation at the hacker conference DefCon in Las Vegas.