Hack Attack Du Jour: keyless radio jammer saves unlock code for later

Samy Kamkar is back in the hacking seat again. Previously, he hacked the OnStar RemoteLink app with something he called OwnStar. This time, he figured out how to unlock cars by exploiting a weakness in keyless entry systems using a device he calls RollJam. RollJam is made with about $32 worth of electronic components.

Car key remotes use rolling codes to authenticate access. The same code cannot be used twice; however, there is no expiration date for when a code can be used.

When the owner presses the ‘unlock’ button while the RollJam is near, it jams the signal and prevents the car’s system from receiving the first unlock signal. When that first signal is jammed and fails to unlock the door, the user tries pressing the button again. On that second press, the RollJam is programmed to jam the signal again and record that second code, while also broadcasting its first code. The second code is saved for a later break-in.

Kamkar has been testing the RollJam on a Lotus Elise. He says the way to stop the device from working is to have the codes expire.
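The receiver-side difference between codes that never expire and codes that do can be shown in a small simulation; this is an added example, not Kamkar's code or any manufacturer's implementation. It assumes an HMAC over a counter as the rolling code, a hypothetical 16-code acceptance window, a 5-second lifetime, and a fob clock the receiver can trust, none of which come from the article.

```python
import hmac, hashlib

KEY = b"constructed-demo-key"   # constructed shared secret, not a real fob key
WINDOW = 16                     # assumed look-ahead window of counters
TTL = 5                         # assumed code lifetime in seconds

def mac(*fields):
    msg = b"|".join(str(f).encode() for f in fields)
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

class Fob:
    def __init__(self):
        self.counter = 0
    def press(self, now):
        self.counter += 1
        return {"ctr": self.counter, "ts": now,
                "plain": mac(self.counter),         # counter-only code
                "timed": mac(self.counter, now)}    # code bound to send time

class CounterReceiver:
    """Accepts any unused code inside the window; has no notion of age."""
    def __init__(self):
        self.last = 0
    def unlock(self, code, now):
        ok = (self.last < code["ctr"] <= self.last + WINDOW
              and hmac.compare_digest(code["plain"], mac(code["ctr"])))
        if ok:
            self.last = code["ctr"]
        return ok

class ExpiringReceiver(CounterReceiver):
    """Same counter check, plus the authenticated send time must be recent."""
    def unlock(self, code, now):
        fresh = 0 <= now - code["ts"] <= TTL
        ok = (fresh and self.last < code["ctr"] <= self.last + WINDOW
              and hmac.compare_digest(code["timed"], mac(code["ctr"], code["ts"])))
        if ok:
            self.last = code["ctr"]
        return ok

def scenario(receiver):
    """Two presses never reach the receiver; one arrives at once, one an hour later."""
    fob = Fob()
    first = fob.press(now=100)     # withheld from the receiver
    second = fob.press(now=102)    # withheld from the receiver
    opened_now = receiver.unlock(first, now=102)
    opened_later = receiver.unlock(second, now=3702)
    return opened_now, opened_later
```

`scenario(CounterReceiver())` returns `(True, True)`, while `scenario(ExpiringReceiver())` returns `(True, False)`: the stored second code is still unused, but it is too old to be accepted.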

RollJam can unlock cars from a range of manufacturers, including Toyota, Ford, Chrysler, Nissan, and Volkswagen, as well as Cobra and Viper alarm systems and Genie and Liftmaster garage door openers.

“Every garage that has a wireless remote, and virtually every car that has a wireless key can be broken into,” said Kamkar.

Kamkar said that he was going to release his findings on GitHub.