Tuesday, 19/9/2017 | 8:35 UTC+8

All it takes is RM120 to unlock cars with Rolljam

Corolla-Altis-1.8G-keyless-630x298

Post by relatedRelated post

Corolla-Altis-1.8G-keyless-630x298

As reported on Tech Insider, a hacker named Samy Kamkar recently made a US$30 (RM120) device called Rolljam which can unlock cars by exploiting a weakness in keyless entry. According to the publication, Kamkar also built a device recently which is able to hack into GM’s OnStar system wirelessly (OnStar/GM has reportedly resolved the issue).

His latest hack exploits a basic vulnerability in the car and garage key that has been prevalent for quite a while. Essentially, car key remotes, just like garage remotes, use rolling codes to authenticate access.

rolljam3-e1439192393168-630x393

When one hits “unlock” on their remote key, a unique code is sent to the car’s system, the doors will open and the code will never be used again. While the same code cannot be used twice, there’s no expiry date on when the code can be used, and this is what Rolljam takes advantage of.

All a hacker needs to do is place this wallet-sized device near the targeted car, and when then owner presses the ‘unlock’ button, the device jams the signal and prevents the car’s on board alarm from receiving the electronic signal. Unbelievably, it also intercepts the code from the remote.

This is where it gets interesting. Once the infuriated owner tries to unlock the vehicle a second time, Rolljam (seen above) blocks the signal again, but steals the second code too. It then sends the first stolen code to the onboard alarm system to unlock the car.

According to the publication, Kamkar has tried this device on a variety of makes, but it has been primarily tested on a Lotus Elise, as he has access to it more often.

Kamkar believes its time for manufacturers to implement an expiration date for the rolling code, which would basically fix the problem. “This has been sort of a theoretical attack for many, many years. This is not by any means brand new or a big surprise,” he adds.

“The problem is no one has really demonstrated it, which is funny because the solution to this problem has been known about for more than 20 years and has been written about many times, but again no one has demonstrated it,” Kamkar said.

Source: paultan.org

Related Topic: What is Smart Key?

About

POST YOUR COMMENTS

Your email address will not be published. Required fields are marked *

F