Modern car technology offers convenience and security, but it also introduces vulnerabilities. A recent revelation by security researcher Samy Kamkar has brought to light a significant flaw in car remote systems, particularly those utilizing older security chips. His device, dubbed RollJam, acts as a sophisticated car remote scanner, capable of intercepting and exploiting the signals that lock and unlock your vehicle. This exposes millions of cars to potential theft, highlighting a critical gap in automotive security.
RollJam operates by jamming the signal from your key fob while you attempt to lock your car. Simultaneously, this car remote scanner intercepts your key code. Unbeknownst to the car owner, when they press the lock button again, RollJam allows that second signal to pass through, effectively locking the car. However, the crucial difference is that RollJam has stored the first intercepted code. This stored code becomes a valid, unused key, ready for the attacker to unlock the vehicle at their convenience. As Kamkar explains, “It will always do the same thing, and always have the latest code… And then I can come at night or whenever and break in.”
Kamkar’s testing of this car remote scanner has been alarmingly successful across a range of popular vehicle brands. Nissan, Cadillac, Ford, Toyota, Lotus, Volkswagen, and Chrysler vehicles were all found to be susceptible. The vulnerability extends beyond cars, also affecting Cobra and Viper alarm systems, as well as Genie and Liftmaster garage door openers. The widespread nature of this issue suggests that millions of vehicles and garage doors are potentially at risk. The root of the problem, according to Kamkar, lies in the prevalent use of Keeloq chips, manufactured by Microchip, and Hisec chips from Texas Instruments in these systems.
Responses from manufacturers have varied. Liftmaster and Volkswagen declined to comment, and Viper stated they were investigating, while Cadillac acknowledged the method as “well-known” to their cybersecurity experts. Cadillac suggested that the vulnerability primarily affects older models, claiming newer Cadillac models have implemented updated security systems.
However, Kamkar’s work isn’t entirely novel. Security researcher Spencer Whyte had previously demonstrated a similar “delay attack” method. Kamkar’s innovation with RollJam is in refining and automating this attack into a more user-friendly and easily deployable device. He intends to release the code publicly to emphasize the urgency of the issue.
The vulnerability RollJam exposes isn’t insurmountable. Newer versions of Keeloq chips, known as Dual Keeloq, incorporate expiring codes that effectively thwart this type of replay attack. Kamkar intends the release of RollJam to serve as a stark demonstration to automotive and garage door companies. He aims to compel them to adopt these more secure, expiring code systems, moving away from outdated systems that leave customers vulnerable to car remote scanner attacks.
Kamkar draws a parallel to online security, noting that two-factor authentication systems routinely use rapidly expiring codes. He argues that the automotive industry lags behind in security practices by continuing to rely on vulnerable rolling code systems without code expiration. RollJam is a “gauntlet thrown down,” a definitive proof of a solvable problem that continues to put car owners at risk. Even Kamkar himself admits his own vehicle is susceptible, underscoring the widespread and personal nature of this security flaw, and the urgent need for industry-wide upgrades to protect against car remote scanner threats.
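The difference between a plain rolling code and the expiring codes discussed in the last two paragraphs can be seen from the receiver's side. The following is an added example, not code from Kamkar or from any chip vendor: it uses HMAC-SHA256 as a stand-in for the real cipher, and the key, window size, 30-second lifetime and shared clock are all assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed secret shared by fob and receiver
WINDOW = 16   # assumed: receiver accepts up to 16 counters ahead
STEP = 30     # assumed: lifetime of an expiring code, in seconds
T0 = 3000     # constructed transmit time (a multiple of STEP)

def fob_code(counter, t=None):
    """Code for one button press; bound to a time step when t is given."""
    msg = counter.to_bytes(4, "big")
    if t is not None:
        msg += (t // STEP).to_bytes(8, "big")
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:8]

class Receiver:
    def __init__(self, expiring):
        self.expiring = expiring
        self.last = 0  # highest counter accepted so far

    def accept(self, received, now):
        # Only counters above the last accepted one are candidates, so a
        # code that was already used can never match again.
        for c in range(self.last + 1, self.last + 1 + WINDOW):
            expected = fob_code(c, now if self.expiring else None)
            if hmac.compare_digest(received, expected):
                self.last = c
                return True
        return False

def unseen_code_accepted(expiring, delay):
    """A code sent at T0 never reaches the receiver and is presented later."""
    rx = Receiver(expiring)
    held = fob_code(1, T0 if expiring else None)
    return rx.accept(held, T0 + delay)

def replay_accepted(expiring):
    """A code the receiver has already accepted is presented a second time."""
    rx = Receiver(expiring)
    code = fob_code(1, T0 if expiring else None)
    return rx.accept(code, T0) and rx.accept(code, T0 + 1)

if __name__ == "__main__":
    for expiring in (False, True):
        print("expiring" if expiring else "plain",
              unseen_code_accepted(expiring, 3600), replay_accepted(expiring))
```

Both receivers reject a code they have already accepted; only the expiring variant also rejects a code that was never received and turns up an hour later.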