Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Transportation Hardware Hacking Security

Latest Samy Kamkar Hack Unlocks Most Cars 97

msm1267 writes: Samy Kamkar has built a new device called Rolljam that is about the size of a wallet and can intercept the codes used to unlock most cars and many garage doors. The device can be hidden underneath a vehicle and when the owner approaches and hits the unlock button on her key or remote, the device grabs the unique code sent by the remote and stores it for later use. The device takes advantage of an issue with the way that vehicles that use rolling codes for unlocking produce and receive those codes. Kamkar said that the device works on most vehicles and garage doors that use rolling, rather than fixed codes.
This discussion has been archived. No new comments can be posted.

Latest Samy Kamkar Hack Unlocks Most Cars

Comments Filter:
  • Or just use the key (Score:1, Interesting)

    by glitch! ( 57276 )

    I have never had a car with a remote lock/unlock device. I suppose it might be handy at night, but I don't have any trouble using a key by feel, either. So it seems to me the easiest way to prevent a problem is just not to use the electronic unlock.

    Or don't worry about it. What are the odds that some bad guy will target your vehicle?

    • by Joe Gillian ( 3683399 ) on Thursday August 06, 2015 @05:50PM (#50266087)

      The real question is, what are the odds that a car thief is going to spend the money (likely more than $30 if they're buying from someone who knows how to make one) or the time to learn how to make one of these? The barrier to entry just to get one of these working (having to have technical knowledge to put one together, having to hide it under the car and get the owner to open it first and potentially notice the device when it jams their unlock signal) means that thieves will stick to the tried-and-true $5 wrench method rather than try one of these.

      • by lgw ( 121541 ) on Thursday August 06, 2015 @06:38PM (#50266319) Journal

        A thief will just smash a window or pop a lock. A detective, OTOH, will find this quite appealing, if they need to do a "sneak and peek". Want to search someone's car and leave no sign that you did?

        • by TWX ( 665546 ) on Thursday August 06, 2015 @07:35PM (#50266545)
          The best theft is one where the victim doesn't know that they were stolen from.

          The second best theft is one where the victim doesn't know when they were stolen from.

          The ability to quickly gain access to a locked place without leaving any sign that one gained access would be incredibly useful, especially in environments where valuables are routinely left in cars. Laptops and technical service tools would be big targets in-general, and some people in certain occupations would also be excellent targets for the privileged information that might be in a briefcase in an otherwise-securely-locked trunk.

          Then there's the issue of people that leave things in their cars, like copies of their housekeys, that could let a thief in to somewhere else that's more lucrative, or those that leave extra vehicle keys in vehicles so that once a locksmith would let them back-in to the car after they lose their primary keys, they could drive away.

          I can see this being an incredibly big problem depending on proliferation. It should at least require people to stop keeping expensive things in trunks that might have been somewhat safe through being hidden.
          • by Anonymous Coward

            WRONG.

            Oh, so very, very wrong.

            The best thief is one who not only convinces their victim to give them the item, but also that doing so rights some sort of long-standing wrong and the victim should be ashamed of themselves for ever having had said item in the first place.

            "Citizen, having this locked up is a blow for TERROR, but if you unlock it for me I will ignore it -- just this once."

            That's how you do it, sonny.

        • by Trogre ( 513942 )

          I disagree. A car with no visible signs of forced entry will sell better on the black market.

          • by Anonymous Coward

            Most cars on the black market are on the black market as car parts.

            Since the manufacturers discovered that at retail, a consumer will pay three to four times (or more) for a part than could be charged when attached to an entire vehicle, the parts market is ideal. You discard the parts that carry serial number identification or just damage the serial numbers, and convert a car into twice or thrice it's former value.

            Only chumps sell stolen cars assembled. Without a plan, it's far too easy to trace the entir

          • No, that is just damage, the same as any other damage to a used car. Stolen cars are rarely sold, they're usually driven by the thief for a few days and abandoned. There is almost no "black market" for stolen cars. Most of them get parted out, and the parts are then sold on the "grey market" because individual parts are not traceable and don't require paperwork. Cars that are sold on the black market have to have all their numbers changed, which requires a "chop shop" that is actually just a regular auto sh

            • by lgw ( 121541 )

              There is actually a market for stolen cars - cars expensive enough to ship overseas after being stolen. Those cars are stolen with tow trucks, however. Tow trucks are rarely questioned - sometimes the spouse will even open up the garage door.

              I hear the practice is common enough that a Ferrari that is lifted to a certain angle (without a security code first being entered) will blow e-fuses and need carefully tracked replacement parts. (I have no idea how that works out in hilly areas, making me wonder how

              • All you need to detect tow condition is an attitude sensor. Anti-roll will engage when a modern vehicle is pulled onto a tow truck while in gear, based on the wheel movement; if the car can detect the vehicle angle then it can easily note that it is "rolling" uphill and engage an anti-theft fuse or other lock-out.

                You could probably add that aftermarket to most modern vehicles if you can get the anti-roll activation off the data bus.

      • by mjwx ( 966435 ) on Thursday August 06, 2015 @07:37PM (#50266559)

        The real question is, what are the odds that a car thief is going to spend the money (likely more than $30 if they're buying from someone who knows how to make one) or the time to learn how to make one of these? The barrier to entry just to get one of these working (having to have technical knowledge to put one together, having to hide it under the car and get the owner to open it first and potentially notice the device when it jams their unlock signal) means that thieves will stick to the tried-and-true $5 wrench method rather than try one of these.

        Considering most cars are stolen to be parted out, if it only costs $30 to get $5000 odd of parts, even the dumbest crims will figure the economics of that one out.

        This is a bigger problem in Europe where the car can simply be driven over the border and resold. It may cost 600 Euro to put a new lock and immobiliser system in, but you can sell it for thousands of euro in a variety of places in eastern Europe (not to mention the illegal car export industries that exist in these places).

        If you honestly dont believe that this technology will find its way into the mainstream criminals hands, just look at the number of card skimmers out there.

      • by AmiMoJo ( 196126 )

        This method has the advantage of not looking suspicious. The thief simply acts as if they were the car's owner and can rob it in broad daylight, and no-one will blink an eye. Car park security won't react like they would if the window was smashed. No car alarm going off. It's definitely attractive.

        Having said that, in the UK there have been a spate of thefts where people steal car body parts at night. They come along in the early hours of the morning, pop the bonnet open and simply remove the entire front o

    • I suppose it might be handy at night, but I don't have any trouble using a key by feel, either.

      You can get these little torches that fit on your key ring too. If you can't do it by touch. If you don't have a torch in your normal day-sack anyway (I do ; I'm a caver, I learned that lesson long ago).

      Far the bigger use of the remote (by my wife) is locating the car in the car park, because the remote also causes the car to flash it's lights. Then again, it's over 20 years since I had a car stolen or broken i

  • by Anonymous Coward

    This appears to be a long known attack, bundled up with a cute name and small hardware package. Nothing to be (newly) concerned about. Here's a blog post from a year and a half ago, for example: http://spencerwhyte.blogspot.ca/2014/03/delay-attack-jam-intercept-and-replay.html

    Aside: I don't know any professional or academic security researcher who takes Samy seriously. His work is almost entirely of this style, packaging prior knowledge and selling it with panache.

  • Most cars now have active (chipped) keys that will not let you start or sometimes even turn the key unless it sees the signal from the key. Those keys may also be necessary to put the car in neutral for towing.
    • Most cars now have active (chipped) keys that will not let you start or sometimes even turn the key unless it sees the signal from the key. Those keys may also be necessary to put the car in neutral for towing.

      Most cars have a manual method of switching to neutral. This is necessary because it simply doesn't make sense to cause thousands of dollars of damage to a car while towing simply because of an electrical problem.

      • by hawguy ( 1600213 )

        Most cars now have active (chipped) keys that will not let you start or sometimes even turn the key unless it sees the signal from the key. Those keys may also be necessary to put the car in neutral for towing.

        Most cars have a manual method of switching to neutral. This is necessary because it simply doesn't make sense to cause thousands of dollars of damage to a car while towing simply because of an electrical problem.

        Even if you can't get the car in neutral, it only takes a few seconds to jack up the car and put dollies under the wheels.

        • by mjwx ( 966435 )

          Most cars now have active (chipped) keys that will not let you start or sometimes even turn the key unless it sees the signal from the key. Those keys may also be necessary to put the car in neutral for towing.

          Most cars have a manual method of switching to neutral. This is necessary because it simply doesn't make sense to cause thousands of dollars of damage to a car while towing simply because of an electrical problem.

          Even if you can't get the car in neutral, it only takes a few seconds to jack up the car and put dollies under the wheels.

          Also most cars are 2 wheel drive. Even most "all wheel drive" cars are just front wheel drive with a transfer box that is disengaged until the electronics detect the front wheels slipping. So all you do is jack up the front and take the handbrake off.

    • by Anonymous Coward

      Why don't these electronic keys use a public/private key authentication system with nonce signing to avoid replay attacks?

      This is simple to implement and is very strong against this kind of attack.

    • Comment removed based on user account deletion
  • by bobbied ( 2522392 ) on Thursday August 06, 2015 @06:23PM (#50266249)

    For automobile manufacturers to start factoring in the time of day and keeping the "key" hidden...

    It works this way... You have an pre-shared key and you encrypt an ever changing sequence of messages, say something related to the current time of day or the "rolling code" thing they use now only the code rolls over time not when it's used. Then the "code" that worked 5 seconds ago, won't work in the future. That ends the "record and playback" messages from being seen as valid and all you need to have is a reasonably accurate scheme to advance time on both the car and the key fob. I imagine that regular resyncing of the clocks might be necessary, but I'm sure we can work something out where you "program" your key fob by inserting it into a port on your car or by using some RF backscatter power process the fob and the car can get into sync.

    It doesn't stop brute force attacks to recover the key, but it does make it time consuming and unlikely to be accomplished by some thief walking though the parking lot.

    • by msauve ( 701917 )
      So, a remote becomes like one of those security fobs (e.g. SecurID [wikipedia.org]) which instead of displaying a number on the LCD, transmits it to the car.
    • For automobile manufacturers to start factoring in the time of day and keeping the "key" hidden...

      A much more secure method would be a challenge/response protocol, the car sends an encrypted random challenge to the key, the key decrypts it, calculates a response to the challenge and sends the response back to the car. The car checks the response and if valid, it unlocks.

      There is no way to replay messages as long as the challenge is randomized, and the car obviously should not unlock if it receives a response to something other than the last challenge. There is no way to get the encryption key since i

      • I agree, the solution you suggest would be MUCH safer, but as you point out, this makes the fob a whole lot more complex (and power hungry).

        In fact both of the suggested solutions are not new concepts, but have been used in networks for years.

  • I need to slow down reading stuff... I quickly scanned the headline and saw:
    Latest Sammy Hagar track unlocks most cars...

  • If not, then ho-hum...

    Breaking into cars is easy... driving off with one without a proper key, when they have sophisticated anti-theft systems in place is considerably less so.

  • No power locks, no power windows (cranks), no power steering, no power...

    • I've had a perfectly good xbox 360 in the back seat of my car wide open since February. I also leave the keys in the ignition sometimes, always unlocked, and typically with windows down/t tops out.

      but hey, if you tried driving my 86 Mustang GT with bearings instead of bushings and the not so friendly motor, I wouldn't be surprised if you brought it back. especially with the headliner in the way of the mirror.

      "Nah man, you can keep this one."
  • This looks like a really good educational project to do with the kids. I googled all over for it but couldn't find schematics or how-to's. Seriously I presume an Arduino and a wifi card is more or less all one needs. What do I have to do, search on Silk Road? Anybody got the infos?
  • That works because manufacturers don't want (time, money, complexity...) to implement a system using a protocol based on a dialog between the key and the car. That would allow for instance the car submitting a random 64b number to the key. The key would have to cipher the number and send the result back to the car within a short time window (0.5"). Much harder to hack.
  • by wonkey_monkey ( 2592601 ) on Friday August 07, 2015 @02:37AM (#50267655) Homepage

    Latest Samy Kamkar Hack Unlocks Most Cars

    There are still plenty of old cars on the road. Do more than 50% of them have remote locking?

    • The hack also requires that the car's owner uses the keyfob to unlock the car too. I wonder how many people don't use them? I bought my car used and the previous owners had managed to lose all the keyfobs. I never bothered with replacing them and just use the key.

  • Bah (Score:5, Interesting)

    by LordWabbit2 ( 2440804 ) on Friday August 07, 2015 @03:27AM (#50267765)
    The don't get that technical here in South Africa. They just broadcast ANY other signal as you walk away from your car and hit the lock button on your remote. It interferes with your lock signal and the car remains unlocked. If you are not paying attention you don't notice that your car fails to lock and they are in. And no, they are not trying to steal the car, they just steal whatever you left behind in the car, most of them don't even bother trying to steal the radio. Unemployment is high, they steal what they can. It's gotten so bad they kick down your front door, alarms blazing, steal whatever they can grab and make a runner in the 5 minutes it takes armed response to get there (and yes, that's happened to me).
  • Because this requires jamming the original signal, this is detectable, otherwise, it is MITM. Jamming is typically very easy- you just have to generate enough energy to overcome the incoming signal- the difficult part is being able to intercept the signal in the presence of your own noise. There are ways to cancel out the noise (like noise cancellation headphones)- but it is a really hard problem, even if you know the exact "noise" you're putting out.

    This may push us faster into better types of keys, such

  • How many wheels do you really need to invent? Such devices were for sale for professional auto thieves at Warsaw marketplace a decade ago. They don't always work though if remote has separate buttons for lock and unlock.

  • Why not use a handshake - with a small amount of processing power in the fob, hidden key pairs could be used to authenticate just like SSH or HTTPS: the keyfob asks a computable question of the car and vice-versa - no amount of record/playback could get you in.

    This is getting toward being considered ancient tech in the IT world - surely car companies have techies who can achieve this.

You know you've landed gear-up when it takes full power to taxi.

Working...