If you own a modern car, there's a good chance it uses wireless technology to unlock the door. That's a nice feature, but it's also potentially a huge security vulnerability. A hacker can simply record the radio signal and play it back later -- a process known as a replay attack. To thwart that, most cars use a system that generates a new code each time you press the lock or unlock button on your key fob. The old code is then discarded, and the new one expires after a short amount of time. That's supposed to prevent hackers from just recording and replaying the same code over and over again, but the system has a flaw that researcher Samy Kamkar is exploiting.
His $30 device, called RollJam, steals those secret codes and can unlock nearly every car, according to Kamkar. It works by stealing the "rolling codes" that change with each use of the key fob's lock and unlock buttons. He says his system can convert those codes to the actual unlock codes used by the car.
To do that, the device emits two frequencies that are commonly used by these systems. It jams the original signal so the key fob can't get a response from the car. Then it records the signal, and broadcasts a second jammed signal that the key fob will mistakenly think is an unused code.
The device is built with a Teensy 3.1 microcontroller and two cheap CC1101 433 MHz RF transceiver modules. It's roughly the size of a wallet, but Kamkar hopes to shrink it down for future versions. He presented his research and the device at last week's Def Con conference.
