Security researcher Samy Kamkar has created a device names Rolljam, designed to crack the wireless entry systems used by car and garage-door manufacturers.
Demonstrated at Defcon 2015, Samy demonstrated how a ‘victim’ would try to remotely operate their car or garage door with a fob, only to find that it doesn’t work.
When they try again, it will work, however it will have allowed the thief to steal a code to allow them future access to the car or garage.
As reported on engadget, car manufacturers created the ‘rolling code’ after thieves worked out how to wirelessly steal codes from early keyless devices.
The system works by changing the passkey every time a car owner uses a fob, preventing it from being used a second time.
However Samy’s Rolljam blocks the remote signal from reaching the vehicle with a pair of radios, then uses a third one to record the wireless code.
When the victim uses the fob the second time, Rolljam will again jam the signal and will steal the second code, re-transmitting the first code causing the car to unlock – leaving the fob-holder none the wiser.
As the car didn’t receive the second code, however, the code would then be able to be used by thieves at a later date to steal the vehicle.
Not stopping there, if the device is placed in proximity of a car or garage, it can keep stealing and retransmitting codes, ensuring it always has a working one.
Samy told Wired that he released details of his attack to force car and garage companies to upgrade older products. “My own car is fully susceptible to this attack. I don’t think that’s right when we know this is solvable,” he said.
Although other researchers have built similar devices, Rolljam is reportedly the first to automate the method, working on vehicles from Nissan, Ford, Toyota, Volkswagen amongst others, along with numerous brands of garage door openers.
Car manufacturers are aware of the issue, with some switching to a new system where the codes expire quickly, thereby defeating Rolljam.