A device called “RollJam,” developed by security researcher Samy Kamkar, highlights a significant vulnerability in keyless entry systems for cars and garages. This Car Remote Frequency Scanner intercepts and replays signals, allowing attackers to unlock vehicles and gain access to properties.
How the Car Remote Frequency Scanner Works
The RollJam exploits a weakness in the rolling code system used by many keyless entry systems. It jams the frequency used by the car remote, preventing the signal from reaching the vehicle. Simultaneously, it intercepts the code transmitted by the key fob. While the owner repeatedly presses the button, believing the signal is not being received, the RollJam stores the subsequent code. Later, the attacker can use the stored code to unlock the car or garage.
This vulnerability affects a wide range of vehicles and garage door openers. Kamkar successfully tested the device on brands like Nissan, Cadillac, Ford, Toyota, and more, along with popular garage door opener brands like Genie and Liftmaster. He estimates millions of vehicles and garages could be vulnerable due to the use of Keeloq and Hisec chips in their systems.
Figure 1: The RollJam device, capable of intercepting and replaying car remote signals.
Manufacturer Responses and Potential Solutions
While some manufacturers like Liftmaster and Volkswagen declined to comment, Cadillac acknowledged the known vulnerability and claimed newer models utilize updated systems. Kamkar confirmed that the latest Dual Keeloq chips incorporate expiring codes, rendering the RollJam attack ineffective.
This highlights a crucial point: implementing expiring codes significantly enhances security. Two-factor authentication systems commonly used in online security already utilize expiring codes, demonstrating a proven solution for this type of vulnerability.
Figure 2: Many keyless entry systems are vulnerable to frequency scanning attacks.
The Need for Enhanced Security Measures
Kamkar’s intention behind releasing the RollJam car remote frequency scanner is to urge car and garage door manufacturers to adopt more robust security measures. The widespread use of vulnerable rolling code systems without expiration mechanisms leaves countless users susceptible to attacks.
The RollJam serves as a wake-up call, demonstrating the urgent need for improved security in keyless entry systems. Upgrading to systems with expiring codes is a vital step in protecting vehicles and properties from unauthorized access. This incident underscores that relying solely on rolling codes without an expiration mechanism is insufficient for modern security needs.
Figure 3: Upgrading to systems with expiring codes is crucial for enhancing security.
