In theory, if an attacker intercepts a code during transmission, a rolling code system makes the intercepted code useless for repeat entry attempts. In practice, anyone who uses a wireless remote, which is the case for most modern car models, is at risk, for both their vehicles and their garages.
A hacker looking into ways to bust open his own wireless key fob system has come up trumps, claiming to be able to hack any remote unlocking tool with a system that records and retransmits signals from the target’s key. His latest invention exploits an overlooked flaw that car makers have left untouched for a long time. When a person attempts to unlock their car with their key fob, for example, RollJam uses a pair of radios to block the wireless signal from reaching the vehicle while simultaneously capturing the code with a third radio. The victim will notice that the key fob didn’t work on the first try and that the car is still locked, so he or she will press it a second time. Since the vehicle never received the second code, however, that code remains unused and can now be used by a thief to steal the car any time they want.
Other researchers have built devices that can hack vehicle locks in a similar way, but Kamkar is the first to automate the method. By then, though, the car owner might be faced with another issue, such as their vehicle being gone within the next few hours or a couple of days. It’s also a security hole that could be easily closed by making codes expire if they go unused for a certain length of time, though for current cars that may only be possible with costly aftermarket modifications.
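To make the expiry fix concrete, here is a small simulation added for illustration (it is not Kamkar's code or any manufacturer's scheme). It assumes an HMAC over a counter as a stand-in for a real rolling-code algorithm, plus an assumed look-ahead window and code lifetime, and compares a counter-only receiver with one that also rejects stale codes.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed secret, not a real fob key
WINDOW = 16    # assumed look-ahead: how many counters ahead the receiver accepts
MAX_AGE = 30   # assumed lifetime in seconds of a time-bound code

def make_code(counter, pressed_at=None):
    """Fob side: MAC over the counter, plus the press time when time-bound."""
    msg = struct.pack(">I", counter)
    if pressed_at is not None:
        msg += struct.pack(">Q", pressed_at)
    return counter, pressed_at, hmac.new(KEY, msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, time_bound):
        self.time_bound = time_bound
        self.last = 0  # highest counter accepted so far

    def accept(self, code, now):
        counter, pressed_at, tag = code
        if self.time_bound != (pressed_at is not None):
            return False  # wrong code format for this receiver
        expected = make_code(counter, pressed_at)[2]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted
        if not self.last < counter <= self.last + WINDOW:
            return False  # already used, or too far ahead
        if self.time_bound and abs(now - pressed_at) > MAX_AGE:
            return False  # valid but stale: expired while unused
        self.last = counter
        return True

def unused_code_accepted(time_bound, delay):
    """Second code never reached the receiver; is it still good after `delay` s?"""
    t0 = 1000  # constructed clock value
    first = make_code(1, t0 if time_bound else None)
    second = make_code(2, t0 + 2 if time_bound else None)
    rx = Receiver(time_bound)
    assert rx.accept(first, now=t0 + 2)       # first code arrives, car unlocks
    assert not rx.accept(first, now=t0 + 3)   # plain replay is rejected
    return rx.accept(second, now=t0 + 2 + delay)

if __name__ == "__main__":
    print("counter-only, 1 h later:", unused_code_accepted(False, 3600))
    print("time-bound,   1 h later:", unused_code_accepted(True, 3600))
```

The time-bound variant needs a clock in the fob that stays roughly in step with the car, and it shrinks the exposure to the code lifetime rather than removing it.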
For RollJam to work, the hacker has to place a wallet-size device somewhere on the targeted car.
Kamkar has mainly tested the device on a Lotus Elise, because that’s what he has access to. He will reveal more details about how he conducted the exploit on Friday when he speaks at the hacking conference Defcon in Las Vegas. “This has been sort of a theoretical attack for many, many years.” This is not by any means brand new or a big surprise. “The problem is no one has really demonstrated it, which is amusing because the solution to this problem has been known about for more than 20 years online and has been written about many times, but again no one has demonstrated it.” “I don’t think that’s right when we know this is solvable.” It’ll appear to work the second time, but at that point, the thief will have stolen a code they can use to open your vehicle at their leisure.