Wireless Hack Opens Cars and Garages with £25 Radio Bits

By Gary Cutlack on at

A hacker looking into ways to bust open his own wireless keyfob system has come up trumps, claiming to be able to hack any remote unlocking tool with a system that records and retransmits signals from the target's key.

According to an amusing into to the RollJam concept by hacker Samy Kamkar, the new technique even works when deployed against the continually changing rolling codes used by carmakers these days, thanks to a clever system that records one attempt to wirelessly unlock a door while blocking the signal to force the owner to try again.

The cleverest part of the RollJam technique is that it records the signal from the first unlock press while blocking it so it doesn't reach its destination. When the target presses the unlock button again, the tool rebroadcasts this first signal while also blocking and recording the second -- making the victim think his second press has been successful. This then leaves the attacker with the unused recorded second code, still valid and usable to unlock the target thing.

The downside is the hacker needs to hide the recording device near enough to the target to record the signal when the owner attempts entry, but then the reward could be a wireless token that lets you unlock his or her car at will, meaning you could potentially eat all the Mini Eggs they have on the passenger seat even though it's nowhere near easter.

Kamar says he's successfully tested this rolling code theft concept on cars made by Nissan, Ford, Toyota, Volkswagen and others, claiming that "millions" of vehicles and doors may be open to this hack that he's... handed out. [Defcon via Wired]