I locked my car. As I walked away I heard my car door unlock. I went back and locked my car again three times. Each time, as soon as I started to walk away, I would hear it unlock again!! Naturally alarmed, I looked around and there were two guys sitting in a car in the fire lane next to the store. They were obviously watching me intently, and there was no doubt they were somehow involved in this very weird situation. I quickly chucked the errand I was on, jumped in my car and sped away. I went straight to the police station, told them what had happened, and found out I was part of a new, and very successful, scheme being used to gain entry into cars.
Two weeks later, my friend’s son had a similar happening… While traveling, my friend’s son stopped at a roadside rest to use the bathroom. When he came out to his car less than 4-5 minutes later, someone had gotten into his car and stolen his cell phone, laptop computer, GPS navigator, briefcase… you name it. He called the police and since there were no signs of his car being broken into, the police told him he had been a victim of the latest robbery tactic — there is a device that robbers are using now to clone your security code when you lock your doors on your car using your key-chain locking device…
When you hit the lock button on your car upon exiting, it does not send the security code, but if you walk away and use the door lock on your key chain, it sends the code through the airwaves where it can be instantly stolen.
Andy Greenberg reports for Wireless that at the 2015 hacker conference DefCon in Las Vegas, hacker Samy Kamkar presented a gadget he’d developed called “RollJam” — a $32 radio device, smaller than a cell phone, that is designed to defeat the “rolling codes” security used not only in the keyless entry systems of most modern cars and trucks, but also in their alarm systems and in modern garage door openers. The device enables an intruder to break into cars and garages without a trace and turn off their alarms.
Kamkar said, “Every garage that has a wireless remote, and virtually every car that has a wireless key can be broken into.”
THIS IS HOW ROLLJAM WORKS:
- Crooks using RollJam wait for an unsuspecting victim to use his or her key fob within radio range.
- The victim will notice only that his or her key fob doesn’t work on the first try. That’s because RollJam has jammed the key fob’s wireless signal with a pair of cheap radios that send out noise on the two common frequencies used by cars and garage door openers.
- At the same time, RollJam is “listening” with a third radio—one that’s more finely tuned to pick up the fob’s signal—and clones or records the user’s wireless security code.
- When that first signal is jammed and fails to unlock the door, the victim naturally tries pressing the key fob button again. On that second press, the RollJam is programmed to again jam the signal and record that second code, but also to simultaneously broadcast its first code. That replayed first code unlocks the door, and the victim immediately forgets about the first failed effort to unlock the door. Meanwhile, the RollJam has secretly stored away a second, still-usable code. Kamkar explains: “You think everything worked on the second time, and you drive home. But I now have a second code, and I can use that to unlock your car.”
- Later, the crook simply presses a small button on the device to replay the intercepted code from the victim’s fob to open that car or garage.
More insidiously still, the crook doesn’t even have to be around! All that’s needed is for the crook to attach the RollJam to the targeted car or hide it near a garage. Kamkar says: “And then I can come at night or whenever and break in.”
Kamkar says he’d successfully tested RollJam on Nissan, Cadillac, Ford, Toyota, Lotus, Volkswagen, and Chrysler vehicles, as well as Cobra and Viper alarm systems and Genie and Liftmaster garage door openers. He estimates that millions of vehicles and garage doors may be vulnerable because the problem is in the chips used by many of those companies: the Keeloq system sold by the firm Microchip and the Hisec chips sold by Texas Instruments.
Kamkar said the solution is for companies to use chips with a system of codes that expire over short time periods, like the two-factor authentication systems of Google Authenticator or RSA’s SecurID which use codes that expire in seconds. In contrast, millions of car owners still protect their vehicles with vulnerable systems whose codes never expire. Kamkar said: “My own car is fully susceptible to this attack. I don’t think that’s right when we know this is solvable.”
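The difference between codes that never expire and codes that expire in seconds can be shown with a small receiver model. This is an added example, not code from the article or from any vendor: the HMAC construction, the key, the 16-code look-ahead window and the 30-second lifetime are all assumptions chosen for illustration, and no radio is involved.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed secret, not a real fob key
WINDOW = 16   # assumed look-ahead window of the counter-based receiver
STEP = 30     # assumed code lifetime in seconds for the expiring scheme

def code(key, value):
    """Derive a code from a counter or time-step value (HMAC stand-in)."""
    return hmac.new(key, value.to_bytes(8, "big"), hashlib.sha256).hexdigest()

class CounterReceiver:
    """Rolling-code model: any unused code ahead of the counter is valid."""
    def __init__(self, key):
        self.key, self.counter = key, 0

    def accept(self, candidate):
        for n in range(self.counter + 1, self.counter + 1 + WINDOW):
            if hmac.compare_digest(candidate, code(self.key, n)):
                self.counter = n  # every code up to n is now spent
                return True
        return False

class TimedReceiver:
    """Expiring-code model: only the current time step's code is valid."""
    def __init__(self, key):
        self.key, self.last_step = key, -1

    def accept(self, candidate, now):
        step = now // STEP
        fresh = hmac.compare_digest(candidate, code(self.key, step))
        if fresh and step > self.last_step:
            self.last_step = step  # single use per step blocks exact replay
            return True
        return False

def scenario():
    """Run the article's sequence against both receiver models."""
    rx = CounterReceiver(KEY)
    first, second = code(KEY, 1), code(KEY, 2)  # two jammed fob presses
    results = {"counter_first": rx.accept(first),      # relayed at once
               "counter_withheld": rx.accept(second),  # presented hours later
               "counter_replay": rx.accept(first)}     # already spent code
    captured = code(KEY, 1000 // STEP)                 # press at t=1000 s
    results["timed_fresh"] = TimedReceiver(KEY).accept(captured, now=1005)
    results["timed_withheld"] = TimedReceiver(KEY).accept(captured, now=4600)
    return results

if __name__ == "__main__":
    print(scenario())
```

The counter-based receiver has no notion of when a code was generated, so the withheld code is as good hours later as it was at capture; the timed receiver rejects it once the step has passed. Expiry shrinks the usable window to one time step rather than eliminating it.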