Wednesday, September 9, 2015

News: $30 device allows thieves to steal your car

As cars have become more sophisticated, largely becoming rolling computers that are increasingly able to take over many of the tasks of the daily commute, so too have the thieves who steal them. In the old days, car thieves relied on mechanical tools like slim jims, screwdrivers, and pliers, or sometimes just brute strength, to break into and hot-wire a car to steal it. Nowadays, with most cars using push-button starting or some form of rolling code immobilizer, some much more sophisticated equipment is required, or so we thought.

Clever hacker Samy Kamkar has created a device, costing about $30, that is not only capable of allowing someone to steal your car, but also allows them to open your garage door so that they can get at your car in the first place. Known as RollJam, the device jams and intercepts radio signals to let an unscrupulous car thief acquire a valid code from your vehicle or garage door remote. The way it works is actually quite clever.

Modern "rolling code" systems, such as those used in garage doors or transponder keys, randomly generate a new code each time the remote is used, and any previously used code is rejected. In theory, this prevents the traditional intercept and re-transmission of a code that many car thieves have been using for years. RollJam takes things further by actively jamming the signal from the remote so that it never reaches its intended destination, while storing the code that was transmitted. Because the signal was jammed, the receiver never saw the valid code, so it was never used up; that stored code can then be transmitted and used to open the garage door or steal the car. All an enterprising thief needs to do is attach the RollJam device on or near the target vehicle and retrieve it later full of stolen codes.

To protect against this, some manufacturers have started to go one step further and set their rolling codes to expire after a short period of time. Taking this added precaution prevents this particular method of interception and reuse from being effective against those vehicles. Cadillac, for one, is using this system in their newest cars and I would expect to see other manufacturers do the same in coming years.
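The difference between a counter-only receiver and one whose codes expire can be seen in a small receiver-side model. This is an added example, not Kamkar's code or any manufacturer's actual scheme. The HMAC construction, the 16-press window, the 30-second lifetime and a clock shared between fob and receiver are all assumptions made for illustration.

```python
import hmac, hashlib, struct

KEY = b"constructed-demo-key"   # constructed shared secret, not a real fob key
WINDOW = 16                     # assumed look-ahead window for missed presses
MAX_AGE = 30                    # assumed code lifetime in seconds

def make_code(counter, now=None):
    """Fob side: MAC over the counter, plus the press time if time-bound."""
    msg = struct.pack(">I", counter)
    if now is not None:
        msg += struct.pack(">Q", now)
    tag = hmac.new(KEY, msg, hashlib.sha256).digest()[:8]
    return (counter, now, tag)

class Receiver:
    def __init__(self, time_bound):
        self.time_bound = time_bound
        self.last_counter = 0

    def accept(self, code, now):
        counter, sent_at, tag = code
        expected = make_code(counter, sent_at if self.time_bound else None)[2]
        if not hmac.compare_digest(tag, expected):
            return False                     # forged or malformed
        if not (self.last_counter < counter <= self.last_counter + WINDOW):
            return False                     # already used or too far ahead
        if self.time_bound and (sent_at is None or not 0 <= now - sent_at <= MAX_AGE):
            return False                     # stale: pressed too long ago
        self.last_counter = counter
        return True

def demo():
    """A code pressed at t=1000 that the receiver never heard, presented at t=4600."""
    results = {}
    for name, time_bound in (("counter_only", False), ("time_bound", True)):
        rx = Receiver(time_bound)
        unheard = make_code(1, 1000 if time_bound else None)
        results[name] = rx.accept(unheard, now=4600)
    return results

if __name__ == "__main__":
    print(demo())
```

The counter-only receiver still accepts the hour-old code because, from its point of view, that counter value was never consumed; the time-bound receiver rejects it on age alone.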

The fortunate thing is that Kamkar has publicized this in a way that should get automakers to do something about it. Since such a glaring security vulnerability was made so public, I would not be surprised to see automakers moving quickly to try to eliminate the problem from their fleets. It also does not hurt that this presents them with yet another opportunity to sell you, dear consumers, a new car.

