Samy Kamkar identifies automotive vulnerabilities in notorious hacker's latest white hat crusade.
August 13, 2015
by PLANT Staff
PITTSBURGH — Well-known hacker and car enthusiast, Samy Kamkar, has built a device that can unlock most cars equipped with remote keyless entry by exploiting a basic vulnerability in car and garage key remotes that has been around for some time.
And it cost him just $32.
According to TechInsider, this is how Kamkar’s device works. Car and garage door remote controls use rolling codes to send signals to the car or garage. Each time the button is pushed, the remote sends a different coded signal, which is meant as a security measure to prevent a thief from copying the code and opening the door. But, the codes themselves don’t expire.
The wallet-size device, known as RollJam, is placed out of sight on a target car. When the owner pushes the button, RollJam jams the signal and doesn’t open the car. When the owner presses the unlock button a second time, RollJam records the second code and sends the first code to the car to open the doors.
Kamkar told TechInsider that it’s not the automakers to blame, but the company’s that make keyless entry computer chips because they have ignored the vulnerability. He has tested the device on different cars, including ones from Ford, Volkswagen, Chrysler and Nissan.
“This is not by any means brand new or a big surprise. The problem is no one has really demonstrated it, which is funny because the solution to this problem has been known about for more than 20 years online,” he said on the technology news website. “A lot of manufacturers haven’t cared to solve the problem because it didn’t seem like a big enough problem. Unfortunately, I think it is a big problem.”
He said the problem could be fixed easily by implementing expirations for the rolling codes.
Kamkar, 30, has made a name for himself as a privacy and security researcher, computer hacker, whistleblower and entrepreneur.
At 17, he co-founded a unified communications company called Fonality, which raised more than $46 million in private funding.
He’s best known for creating and releasing the fastest spreading virus of all time – the MySpace worm Samy, for which he was raided by the US Secret Service. And he created SkyJack, a custom drone that hacks into nearby parrot drones.
The 29-year-old hacker has also been able to take control over General Motors vehicles equipped with the automaker’s OnStar communication service. That device cost him about $100.
Check out the video below to see how Kamkar’s hacked his way into GM vehicles.
(Wired has reported that GM has been made aware of the vulnerability and fixed a patch in OnStar’s back-end to block hacking attempts from Kamkar’s device.)