RollJam, a $30 device to unlock the majority of car doors

Pierluigi Paganini August 09, 2015

RollJam is a $30 device designed to exploit a design flaw in the protocol that determines how keys communicate with car and unlock the majority of car doors.

The recent hacks of the Jeep Cherokee and the security patch issued by Tesla for its model S have raised the discussion on the car hacking.

Now, security experts have revealed a new type of car hack that could allow an attacker to unlock almost every car or garage door. The researchers presented RollJam, a cheap device composed of a microcontroller and a battery. RollJam is capable to unlock any car or garage door, it is easy to use and costs under $30.

RollJam exploits security vulnerabilities in the wireless unlocking technology that is currently implemented by the majority of car manufacturers.

Keyless cars thefts is rising 1

Keyless entry systems allow car owners to unlock the vehicle remotely within a range of 20 metres.

RollJam was designed to steal the secret codes, also known as Rolling Code, that is generated by Keyless entry systems when the car owner presses the unlock or lock button on his wireless key. The Rolling code is a one-time code randomly generated and sent over a radio frequency to the car when the car owner presses the button of its key fob.

When the Rolling code is used the car generates a new one to use for the next time.

How does RollJam work?

The principle is simple, when the car owner presses the key fob to unlock the car, RollJam used its radio frequency to block the signal and then records it.

The car will never receive the code and the car owner likely will press the button again. When the button is pressed the second time, the RollJam again jams the signal and record also this second code, meantime it reply to the challenge mechanism by providing the first code it intercepted, unlocking the car.

When the victim parks the vehicle in his/her car, you can use that stolen signal to unlock the car. “Because I jammed two signals,” Kamkar said, “I still have one that I can use in the future.

Who is behind RollJam?

Of course one of the most talented hackers, Samy Kamkar, which invented numerous hacks in the past like the Combo BreakerOpenSesame and KeySweeper.

As confirmed by the notorious hacker, the RollJam works on several carshe discovered that the attack works against widely adopted chips, including the High-Security Rolling Code Generator made by National Semiconductor and the KeeLoq access control system from Microchip Technology.

Among the car makers vulnerable to the RollJam device there are Chrysler, Fiat, Honda, Toyota, Daewoo, GM, Volvo, Volkswagen Group, and Jaguar.

As we have anticipated at the beginning of this post, RollJam also works against some garage-door openers, including the Rolling Code Garage Door Opener manufactured by King Cobra.

As explained by the expert, in order to secure the Rolling code have to implement the code expiration after a specific amount of time. In alternative, it is suggested to mitigate RollJam by using a unique chip for every different car. Kamkar will provide details of it hack at the hacker conference DefCon in Las Vegas.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Rolling code, hacking)



you might also like

leave a comment