Get ready for a lot more scary news about new hacking threats. DefCon is the biggest "white hat" hacking conference in the world. It's also the most prestigious platform for cybersecurity experts to reveal the latest weaknesses in our electronic gadgets. Ahead of the conference, which started Thursday in Las Vegas, one good guy hacker unveiled the first of what will likely be many very disturbing threats.
His name is Samy Kamkar, and he's the same guy who uncovered a security flaw in OnStar that lets hackers lock, unlock and start your car. He's also the guy who hacked a child's toy into a universal garage door opener and created an algorithm that can open any Master combo lock. I showed it to you on my video page:
Kamkar doesn't expose these flaws to make it easier for criminals to steal stuff. He's trying to help companies fix the holes in their security and raise awareness of security issues. His newest terrifying trick is a little gadget built out of $32 worth of electronics.
It can open almost any car with a remote key-fob radio AND almost any garage door. His tool is called "RollJam," and it beats one of the key security features of most electronic locks with a simple workaround.
Almost all electronic car locks and garage doors use a system of rolling codes to prevent somebody from just duplicating the signal sent by your key fob or garage door opener. Every time you unlock your car or open the garage, the code changes and can't be used again. The next time it's a new code, then a new code, then a new code.
RollJam works by first of all jamming the signal from your key fob or opener. Then it records the signal you tried to send, but didn't. The victim naturally assumes the signal just didn't go through for some harmless reason and presses the button again. This time, RollJam jams the signal again, records the new one, but also broadcasts the first signal it had saved. Your car unlocks and you think nothing is wrong.
RollJam can do this more or less forever, no matter how many times you press the button. It's always one step ahead. Then, when you're not around, the hacker can come back, signal the RollJam to open the car or the garage door, and boom. He's in.
Kamkar has tried it with Nissans, Cadillacs, Fords, Toyotas, Volkswagen, Chrysler and more. He's also used it on Genie and Liftmaster garage door openers and Viper and Cobra alarm systems. The only drawback to RollJam is that it needs to be in proximity to your car or garage door. But it's small enough that it can be easily attached to your car or hidden near your garage door.
Right now, the only way you'll notice is if it takes two presses on your button to unlock your car or open the garage door. But again, this could be caused by anything, not just a hacking gadget. How many times has that happened to you?
Hopefully manufacturers take this into account and start beefing up their security. A spokesperson for Cadillac told Wired that they know about the method and recent models are protected. As it stands, there's no easy fix to this problem. You need to stay vigilant. Pay attention to your car and check it for electronic devices hidden, and also try and be aware if it takes two clicks to open.
Watch this video for more information about this serious security threat.