A $32 device that could unlock your car door and open garages is set to go on the market soon, according to a hacker who says he is drawing attention to a long-known security problem.
"The hardware itself, this is all publicly available hardware," said Samy Kamkar, a hacker extraordinaire, showing us via web cam his newest invention, RollJam.
The device, he said, can open your garage door and unlock your car with the touch of a button.
"I actually think thieves have been using technology like this for years," said Kamkar, who is presenting the technology this week at Defcon.
Here's how it works: The device is nearby when you use your key to unlock your car and acts as a middle man, blocking the signal and saving the code. You hit your key again and go on your way, but the hackers now have a code to get into your car anytime they want.
Kamkar says he successfully tested his product a wide range of cars including Ford, Chrysler and Toyota, as well as Cobra alarms and Liftmaster garage door openers.
"Oh, I have no question this will work," said Steve Beaty, a cybersecurity expert with MSU Denver. "I don't think people should be scared. For one there is going to be a concerted effort in the industry to make this go away."
There is a fix already available -- a microchip that expires the codes after few seconds, but Kamkar speculates many manufacturers haven't upgraded their technology because of cost.
Some newer models of cars already have the technology in use.
Kamkar said it is not his intention to give thieves a way to plug and play with his device, so he is only releasing a version of the source code for researchers and vendors -- enough to get them to pay attention to his warning.
"I believe thieves are already using this type of technology," said Kamkar. "It’s only once you make it public enough you actually see change. There’s already a solution to this problem, and the issue is vendors aren’t using it."
We contacted several of the manufacturers RollJam reportedly worked on and received the following responses.
Nissan
"We have not yet confirmed that any Nissan vehicle was exploited by the author of this study, and Nissan continuously strives to keep its automotive IT infrastructure as up-to-date as possible. As the potential for hacking into the electronic systems of all automobiles may grow, we continue to integrate security features into our vehicles to help protect against cyber-attacks."
Liftmaster
"We are diligently trying to learn as much as we can, as quickly as possible. The safety of our customers’ businesses, homes and families is our top priority, and we are continuously updating our systems to bring our customers innovative solutions and technologies that enhance their safety and security."
Volkwagen
"Volkswagen has no comment on this topic."
Ford
"Ford takes vehicle security very seriously. We invest in security solutions that are built into our vehicles to deter theft. Our security team routinely monitors and investigates new ways thieves are targeting our vehicles to maintain a high level of deterrence. We’re currently assessing the details of the hack to better understand the device’s capability and whether there are additional enhancements we can make in our vehicles. As always, we recommend that customers take practical steps to deter break-in and theft, such as locking doors, closing windows, parking in well-lit places, and avoiding leaving valuables visible."
Chrysler
"We are unaware of any confirmed cases of unauthorized entry to one of our vehicles using this device. We continually update the security features of our vehicles."
