RollJam is a $30 device designed to exploit a design flaw in the protocol that determines how keys communicate with car and unlock the majority of car doors.
The recent hacks of theJeep Cherokeeand the security patch issued byTeslafor its model S have raised the discussion on thecar hacking.
Now, security experts have revealed a new type of car hack that could allow an attacker to unlock almost every car or garage door.The researchers presentedRollJam, a cheap device composed of a microcontroller and a battery. RollJam is capable to unlock any car or garage door,it is easy to use and costs under $30.
RollJam exploits security vulnerabilities in the wireless unlocking technology that is currently implemented by the majority of car manufacturers.
Keyless entry systemsallowcar owners to unlock the vehicle remotelywithin a range of 20 metres.
RollJam was designed to steal the secret codes, also known as Rolling Code, that is generated by Keyless entry systems when the car owner presses the unlock or lock button on his wireless key. The Rolling code is a one-time code randomly generated and sent over a radio frequency to the car when the car owner presses the button of its key fob.
When the Rolling code is used the cargenerates a new one to use for the next time.
How doesRollJam work?
The principle is simple, when the car owner presses the key fob to unlock the car, RollJam used its radio frequency to block the signal and then records it.
The car will never receive the code and the car owner likely will press the button again. When the button is pressed the second time, the RollJam again jams the signal and record also this second code, meantime it reply to the challenge mechanism by providing the first code it intercepted, unlocking the car.
When the victim parks the vehicle in his/her car, you can use that stolen signal to unlock the car. “Because I jammed two signals,” Kamkar said, “I still have one that I can use in the future.”
Who is behindRollJam?
Of course one of the most talented hackers,Samy Kamkar, which invented numerous hacks in the past like theCombo Breaker,OpenSesameandKeySweeper.
As confirmed by the notorious hacker, theRollJam works on several carshe discovered that the attack works against widely adopted chips, including the High-Security Rolling Code Generator made by National Semiconductor and the KeeLoq access control system from Microchip Technology.
Among the car makers vulnerable to theRollJam device there areChrysler, Fiat, Honda, Toyota, Daewoo, GM, Volvo, Volkswagen Group, and Jaguar.
As we have anticipated at the beginning of this post,RollJam also works against some garage-door openers, including the Rolling Code Garage Door Opener manufactured by King Cobra.
As explained by the expert, in order to secure the Rolling code have to implement the code expiration after a specific amount of time. In alternative, it is suggested tomitigate RollJam by using a unique chip for every different car. Kamkar will provide details of it hack at the hacker conference DefCon in Las Vegas.
Subscribe to Cyber Defense Magazine
Join our mailing list, no strings attached. We never sell your data. We'll send you monthly e-magazines, webinar invites from us and our partners, cybersecurity trade show updates, awards, infosec news, cybersecurity tips and so much more on all things cyber defense.
Related News
No related posts.