Wirelessly unlocking cars and garage doors is easy with $32 'RollJam' device

Keyless entry systems can be pretty convenient, unlocking cars and opening garage doors by pressing a simple key fob's button. However they're not the most secure systems going around, and a can often be easily exploited through simple tools and clever hacks.

Security researcher Samy Kamkar has built a simple, clever tool called "RollJam" that easily defeats keyless locks on cars and garage doors by exploiting vulnerabilities with the way they function. RollJam is built using around $32 of components and is smaller than a mobile phone, making it perfect for stealth attacks.

RollJam is designed to defeat "rolling codes", a widely-used type of security implementation for keyless entry systems that changes the unlock code after each unlock attempt. In theory, if an attacker intercepts a code during transmission, a rolling code system makes the intercepted code useless for repeat entry attempts.

The way RollJam defeats rolling codes is simple. When a person attempts to unlock their car with their key fob, for example, RollJam blocks the wireless signal from reaching the car using a pair of radios while simultaneously capturing the code with a third radio. The person will realize their car hasn't been unlocked, and so will use their key fob a second time.

After the key fob is pressed a second time, RollJam blocks this signal, steals a second code, and re-transmits the first code it captured. The car accepts the first code and the person thinks everything is fine. Meanwhile, the thief using RollJam has a second unlock code stored and ready to use at a later date, and so long as the device is kept nearby, it can keep stealing and re-submitting codes until the thief wants to use it.

RollJam can unlock cars from a range of manufacturers, including Toyota, Ford, Chrysler, Nissan, and Volkswagen, as well as several types of garage door and alarm systems. Many of these companies are aware of the issue, and are implementing new keyless entry systems that put a short expiry date on each code, thereby defeating RollJam.

Since Kamkar has released details of this exploit to the public, it might even force these companies to upgrade existing systems, which without a hardware upgrade could remain vulnerable indefinitely.