A white hat hacker has developed a “universal remote” that is capable of unlocking the latest hi-tech cars and garages.
Samy Kamkar, an independent security researcher, says his tiny radio device can bypass “rolling code” security, which keeps new cars and modern garages safe and secure.
The idea behind this system is that every time you lock or unlock your vehicle or garage door, a new and unique set of codes is generated – it is never the same.
However, the $32 key, dubbed RollJam, is able to exploit a fundamental flaw in this system – the lack of a timeout on the codes.
As such, the device is able to intercept the newly generated code before it reaches the car via a radio signal, forcing the driver to press the button on his key at least twice (an inconvenience that can be easily overlooked by the victim).
These codes can then be used by a hacker to gain entry into a vehicle at a later date. The owner of the car simply thinks his fob is playing or up or that he hasn’t pressed hard enough on the button – he has no idea that the security of his car has been compromised.
“I can put it on your car, so that the device will always have the latest code,” Mr Kamkar said in an interview with Motherboard ahead of a talk he is giving today (Friday 7th August, 2015) at this year’s DEF CON Hacking Conference.
The hacker has so far tested his remote on a number of major car manufacturers, including brands like Ford, Volkswagen, Chrysler, Cadillac, Toyota, Nissan and Lotus.
Car hacking, which extends beyond entry and into control of a vehicle, has emerged as a key security issue in recent years.
Recently, two hackers demonstrated their ability to remotely take control of a Jeep. Not only were they able to modify the air-conditioning system of the vehicle and play around with the radio, they were also able to take control of the throttle and cut its transmission.