Car makers came up with "rolling code" after thieves figured out how to wirelessly steal codes from early keyless devices. The system works by changing the passkey every time you use a fob, preventing it from being used a second time. In theory, that makes any stolen code useless to an attacker. As with many of his hacks, Kamkar's workaround is simple yet ingenious. Rolljam blocks the remote signal from reaching the vehicle with a pair of radios, then uses a third one to record the wireless code.
Naturally, the mark will try to use the fob again, and once again, Rolljam will jam the signal and steal the second code. But this time, Kamkar's device will re-transmit the first code and unlock the car, so the victim thinks everything's alright. Since your vehicle didn't receive the second code, however, it can now be used by thieves to steal your car anytime they want. If the device is placed in proximity of a car or garage, it can keep stealing and retransmitting codes, ensuring it always has a fresh, working one.
Other researchers have built devices that can hack vehicle locks in a similar way, but Kamkar is the first to automate the method. His prototype works on vehicles from Nissan, Ford, Toyota, Volkswagen and others, along with numerous brands of garage door openers. Car companies say they've been aware of the issue for a while, and some have switched to a new system where the codes expire quickly, defeating Kamkar's hack. But he told Wired that he released details of his attack at Defcon to force car and garage companies to upgrade older products as well. "My own car is fully susceptible to this attack. I don't think that's right when we know this is solvable," he said.
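To see why expiring codes close the gap, here is a small receiver-side model, added as an illustration and not taken from Kamkar's device or any manufacturer's firmware. It assumes an HMAC in place of the real fob cipher, a constructed key, roughly synchronized clocks, and hypothetical names (`Fob`, `CounterReceiver`, `TimedReceiver`, a 5-second `max_age`).

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed shared secret, not a real fob key

def tag(*fields):
    """Short MAC over the given fields (stand-in for the fob's real cipher)."""
    msg = b"|".join(str(f).encode() for f in fields)
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()[:16]

class Fob:
    def __init__(self):
        self.counter = 0
    def press(self, now):
        self.counter += 1
        return {"ctr": self.counter, "ts": now,
                "rolling": tag(self.counter),      # counter-only code
                "timed": tag(self.counter, now)}   # counter plus timestamp

class CounterReceiver:
    """Classic rolling code: any unseen counter inside the window is valid."""
    def __init__(self, window=256):
        self.last, self.window = 0, window
    def valid(self, m, now):
        return hmac.compare_digest(m["rolling"], tag(m["ctr"]))
    def accept(self, m, now):
        fresh = self.last < m["ctr"] <= self.last + self.window
        ok = fresh and self.valid(m, now)
        if ok:
            self.last = m["ctr"]  # older counters can never be reused
        return ok

class TimedReceiver(CounterReceiver):
    """Same counter check, but the code also expires after max_age seconds."""
    max_age = 5
    def valid(self, m, now):
        return (0 <= now - m["ts"] <= self.max_age
                and hmac.compare_digest(m["timed"], tag(m["ctr"], m["ts"])))

def scenario(receiver):
    """Two presses never reach the receiver; each code arrives later."""
    fob = Fob()
    first = fob.press(now=100)
    second = fob.press(now=103)
    on_second_press = receiver.accept(first, now=103)  # owner sees a normal unlock
    an_hour_later = receiver.accept(second, now=3700)  # the code that was held back
    return on_second_press, an_hour_later

if __name__ == "__main__":
    print("counter-only:", scenario(CounterReceiver()))
    print("time-bound:  ", scenario(TimedReceiver()))
```

The counter-only receiver still honors the held-back code an hour later because nothing but the counter bounds its lifetime, while the time-bound receiver rejects it once it is older than `max_age`.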
[Image credit: Samy Kamkar]