As reported on Tech Insider, a hacker named Samy Kamkar recently made a US$30 (RM120) device called Rolljam which can unlock cars by exploiting a weakness in keyless entry. According to the publication, Kamkar also built a device recently which is able to hack into GM’s OnStar system wirelessly (OnStar/GM has reportedly resolved the issue).
His latest hack exploits a basic vulnerability in the car and garage key that has been prevalent for quite a while. Essentially, car key remotes, just like garage remotes, use rolling codes to authenticate access.
When one hits “unlock” on their remote key, a unique code is sent to the car’s system, the doors will open and the code will never be used again. While the same code cannot be used twice, there’s no expiry date on when the code can be used, and this is what Rolljam takes advantage of.
All a hacker needs to do is place this wallet-sized device near the targeted car, and when the owner presses the ‘unlock’ button, the device jams the signal and prevents the car’s onboard alarm from receiving the electronic signal. Unbelievably, it also intercepts the code from the remote.
This is where it gets interesting. Once the infuriated owner tries to unlock the vehicle a second time, Rolljam blocks the signal again, but steals the second code too. It then sends the first stolen code to the onboard alarm system to unlock the car.
According to the publication, Kamkar has tried this device on a variety of makes, but it has been primarily tested on a Lotus Elise, as he has access to it more often.
Kamkar believes it’s time for manufacturers to implement an expiration date for the rolling code, which would basically fix the problem. “This has been sort of a theoretical attack for many, many years. This is not by any means brand new or a big surprise,” he adds.
“The problem is no one has really demonstrated it, which is funny because the solution to this problem has been known about for more than 20 years and has been written about many times, but again no one has demonstrated it,” Kamkar said.
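The receiver-side difference between a counter-only rolling code and one that expires can be modelled in a few lines. This is an added example, not code from Kamkar or any manufacturer: the HMAC stands in for whatever cipher a real remote uses, and the key, acceptance window, five-second lifetime and the presence of a clock in the remote are all assumptions.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed shared secret, not from a real remote
WINDOW = 16                    # assumed: how far ahead of the last counter is accepted
MAX_AGE = 5                    # assumed: code lifetime in seconds (hardened mode)

def make_code(counter, timestamp=None):
    """Remote side: MAC over the counter, optionally bound to the press time."""
    msg = struct.pack(">I", counter)
    if timestamp is not None:
        msg += struct.pack(">Q", timestamp)
    tag = hmac.new(KEY, msg, hashlib.sha256).digest()[:8]
    return (counter, timestamp, tag)

class Receiver:
    def __init__(self, require_fresh):
        self.last_counter = 0
        self.require_fresh = require_fresh

    def accept(self, code, now):
        counter, timestamp, tag = code
        expected = make_code(counter, timestamp)[2]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted
        if not (self.last_counter < counter <= self.last_counter + WINDOW):
            return False  # already used, or too far ahead
        if self.require_fresh and (timestamp is None or abs(now - timestamp) > MAX_AGE):
            return False  # valid code, but older than its lifetime
        self.last_counter = counter
        return True

def withheld_code_accepted(require_fresh, delay):
    """Two presses at t0 and t0+2; the receiver hears only the first.
    Returns whether the second code still works `delay` seconds after t0."""
    rx = Receiver(require_fresh)
    t0 = 1000  # constructed clock value
    first = make_code(1, t0 if require_fresh else None)
    second = make_code(2, t0 + 2 if require_fresh else None)
    rx.accept(first, now=t0 + 3)
    return rx.accept(second, now=t0 + delay)
```

With `require_fresh=False` the unheard second code is still accepted an hour later; with `require_fresh=True` it is refused once it is more than `MAX_AGE` seconds old, while a press relayed within that lifetime still works.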
Brilliant
Usd$30 (RM120)……
“The fall of the ringgit is good because Malaysians will buy local goods”
I knew this day is coming. I hope these car manufacturers come out with a solution quickly.
Kudos to samy
So let’s just say it does open the car and you step in. Can it still start the engine? Which is push button to start? I doubt it can start the engine without the real key and most it can do if it is possible to open your car is to steal things inside which is not good also.
That’s prolly why no one bothers to demonstrate it in the past 20 yrs, it ends abruptly after the doors were unlocked.
Nevertheless, the dude is one really clever bastard
and they assured us that fully automated driving is risk-proof, very safe. ya right, i think i will stick with “manual” driving.
This is not new. If you ask police how those Toyota cars being stolen using the same signal jamming technique with a simple electronic device bought from taobao.com or aliexpress.com. You guys can search for it. It came out in local newspapers too. Police all knew it. They caught a few group of thieves with this similar carjacking technique.
15 years ago, just break the signal light bulb (the popular models were facelift KF80 Unser and Corolla Altis ZZE121/122). the alarm system will open circuit and malfunction. of course, that problem was rectified more than 10 years ago so no point trying on the latest innova and altis
Shouldn’t it be generating the 3rd code to lock the car for the next time? Since the first one unlocked, and second one already used? Since it says every time it generated different codes. Or any of those code are kept repeated in a cycle?
Locking and unlocking function on 2 separate buttons on lots of cars.
good question. i think this the reason the device had jammed the alarm system.
modern alarm even proton waja has it is using rolling code signal. this is reason the remote cannot be used very far. unlike the days of proton iswara/wira which is using a single code signal. even u are in the 5th floor, can still lock/unlock the car. and panic button to scare suspicious/criminals away.
He’s lucky that he’s not in Bolehland. If anyone attempted that stunt here, especially to any powerful Bangsawan (Datuk above), he’ll definitely be arrested with ISA.
Those car owners who have keyless entry cars cannot boast anymore. Useless feature.
I am interested with rolljam