A hacker has devised a way to unlock a wide range of ‘keyless’ car door security systems using components that cost around £20.
Called ‘RollJam’ by its creator Samy Kamkar, the proof-of-concept gadget exploits a security weakness in the wireless security chips used by car manufacturers such as Fiat, Toyota and Volkswagen.
Keyless car security systems rely on computer-generated codes sent wirelessly from the key to the car. Both key and car use sophisticated mathematics to generate a new code in tight synchronisation each time an unlock attempt is made – and only a key that generates a code the car is expecting will unlock the door. It’s a bit like a safe whose combination changes each time it’s used and only the owner knows what each new combination will be.
RollJam works by intercepting the key’s code when an owner attempts to unlock their car. The code is then stored by RollJam and the car doesn't receive it. In most cases, the owner will then simply use the key a second time after the first unlock attempt fails. This code is also intercepted and blocked, but RollJam then sends the first signal to the car to unlock it — much to the owner’s relief.
However, many wireless car security systems only invalidate a key code after it’s been used, successfully or otherwise. Since the second code captured by RollJam wasn’t received by the car, it’s still ‘live’ and the hacker can then use it to unlock the car at their leisure.
Kamkar claims to have used the security flaw to open electronic locks on cars from a wide range of manufacturers and on some makes of wirelessly activated garage door. He was scheduled to present the gadget at the DefCon hacker conference in Las Vegas at the weekend, though there’s no news yet on the response from attendees — or car manufacturers.
Since the RollJam needs to be within wireless range of a car driver’s key, it’s unlikely to pose a major security threat for most people, though it’s easy to see how it could be used by thieves targeting high-value vehicles. It’s also a security hole that could be easily closed by making codes expire if unused after a certain length of time, though that may only be possible with costly aftermarket modifications for current cars.
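The weakness and the proposed fix described above, modelled as an added Python example (not Kamkar's code and not any manufacturer's algorithm). The HMAC scheme, the shared key, the 16-code acceptance window and the 30-second lifetime are all assumptions, and the time-bound variant assumes the key has a clock.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed secret shared by fob and car
WINDOW = 16    # assumed: how far ahead of its counter the car will accept
MAX_AGE = 30   # assumed: lifetime in seconds of a time-bound code

def _mac(counter, stamp):
    return hmac.new(KEY, f"{counter}|{stamp}".encode(), hashlib.sha256).hexdigest()

class Fob:
    def __init__(self):
        self.counter = 0

    def press(self, now):
        """Emit (counter, timestamp, MAC) for one button press."""
        self.counter += 1
        return (self.counter, now, _mac(self.counter, now))

class Car:
    def __init__(self, expire):
        self.last = 0          # counter of the last code the car accepted
        self.expire = expire   # True = also enforce MAX_AGE

    def accept(self, code, now):
        counter, stamp, mac = code
        if not hmac.compare_digest(mac, _mac(counter, stamp)):
            return False       # forged or corrupted
        if not self.last < counter <= self.last + WINDOW:
            return False       # already superseded, or too far ahead
        if self.expire and not 0 <= now - stamp <= MAX_AGE:
            return False       # stale: sent too long after the press
        self.last = counter
        return True

def withheld_codes(expire):
    """Two presses never reach the car; first arrives late, second an hour on."""
    fob, car = Fob(), Car(expire)
    first, second = fob.press(now=0), fob.press(now=5)
    return car.accept(first, now=6), car.accept(second, now=3600)

def superseded_code():
    """A held code dies as soon as the car accepts a newer one."""
    fob, car = Fob(), Car(expire=False)
    held, newer = fob.press(now=0), fob.press(now=5)
    return car.accept(newer, now=5), car.accept(held, now=6)

if __name__ == "__main__":
    print("counter only:", withheld_codes(expire=False))  # (True, True)
    print("with expiry: ", withheld_codes(expire=True))   # (True, False)
    print("superseded:  ", superseded_code())             # (True, False)
```

superseded_code shows the protection the counter already gives: once the car accepts a newer code, every older one is rejected.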
This hack is just the latest to strike modern cars with supposedly strong security measures. Last month, hackers demonstrated how a Jeep Cherokee could be taken over by remote control — and without the real driver’s permission. Maker Fiat Chrysler was forced to issue a safety recall for 1.4 million cars in the US as a result.