Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Car Remote Entry Keyfobs Vulnerable to Hacking by $32 Device

by Fox Van Allen on August 10, 2015

Remote vehicle access keyfobScary news out of the DefCon conference in Las Vegas this weekend: Your car may not be as safe and secure as you think it is. Hacker Samy Kamkar made a presentation on a device he created called RollJam that effectively allows him access to any car or garage with keyless remote entry. Scarier still, the device can be made by just about anyone with some technical expertise and $32 in their pocket.

“This is throwing the gauntlet down and saying, ‘here’s proof this is a problem,’” Kamkar told Wired. He hopes shedding light on the issue will lead towards a fix. “My own car is fully susceptible to this attack. I don’t think that’s right when we know this is solvable.”

Here are the basics of how Kamkar’s tech works. A would-be thief would attach a small receiver device to your car, or place one near your garage door. When you approach and press the button to open your vehicle or door, the receiver records that code and blocks your car from hearing it. When you press the button a second time, generating an entirely different code, the receiver again blocks the car from hearing the code. But this time, it replays the first code, commanding the car to unlock its doors. You then drive off, unaware that a thief is following you, waiting to unlock your door with the second stored code on the receiver and steal whatever’s inside your car (or the car itself) after you leave it parked.

RollJam has been tested on a number of different vehicle makes, including Nissan, Cadillac, Ford, Toyota, Lotus, Volkswagen and Chrysler. Genie and Liftmaster garage door openers are also vulnerable to hack in this manner, as are Cobra and Viper car alarm systems.

Kamkar is not the first person to have discovered this particular vulnerability. But he is taking a step that other hackers haven’t – he’s publishing the code needed to execute the attack.

Fortunately, some carmakers are aware of how easy it is for standard remote vehicle entry systems to be hacked. Cadillac, in particular, has moved to a hack-proof system in its 2015 line. And other carmakers now have access to a new remote entry chip called Dual Keeloq that creates access codes that expire over time. These are much less vulnerable to attack, especially in this manner.

In April, it was revealed that a different type of automatic keyless remote entry system used in cars like the Toyota Prius and Mazda 3 is also vulnerable to hacking. Perhaps even more worrying, last month over 1.4 million Chrysler vehicles were recalled due to a security vulnerability in their Internet-connected entertainment systems that could lead to the car’s functions being remotely taken over.

[Car keyfob via Shutterstock]


Car Tech & Safety, News, Travel & Entertainment, Blog

Discussion loading

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.