Cyber carjackingEasy-to-get tools allow hackers to open garage doors, take over cars

Published 17 August 2015

Pro hacker Samy Kamkar, speaking at the DEF CON event, described how last month he opened a garage door with an easy-to-get text messaging box, and then gained access to the car inside the garage by using General Motors’ RemoteLink app, and turned the engine on. The security of this system has since been beefed up, but this demonstration showed that the car manufacturers have a long way to go on securing their cars against crafty hackers.

Samy Kamkar speaking at a Black Hat convention // Source: commons.wikimedia.com

Pro hacker Samy Kamkar, speaking at the DEF CON event, described how last month he opened a garage door with an easy-to-get text messaging box, and then gained access to the car inside the garage by using General Motors’ RemoteLink app, and turned the engine on.

Kamkar attributing the success of his hacks to poor radio security and absence of basic defenses on the systems he breached. The Register reports that the text messaging box by Mattel provides hackers with useful items like a chipset from Texas Instruments and gigahertz transceiver, as well as circuit board pins which allow for the device to be reprogrammed as intended for theft.

Kamkar found that wireless garage doors required a 12-bit access code to open. Finding the right code out of a maximum 4,096 combinations would take no longer than half hour to transmit – which is too long and might arouse suspicion. He further discovered that cutting the fob’s transmission repetition and interval reduced the transmission time to just three minutes – and that using an algorithm developed by a Dutch mathematician reduces the number of bits, thus bringing down the transmission time to eight seconds, which is good time for committing a crime.

To hack the car, Kamkar decided to go in via RemoteLink, which is a mobile app that enables cars to be connected to the Internet and be remotely contacted and controlled. He found that the system did not use cryptographic certificates to confirm that the app was communicating with a real GM car. He built a contraption that posed as a car, and when someone nearby used the app, the software would get in touch with his gizmo rather than the vehicle. This gave him enough information to connect to the car, pretending to be the smartphone app, and take control of the motor. By spoofing the RemoteLink software, he was able to track the vehicle as well as unlock the doors and start the engine, though he could not drive it since that requires a key.

The security of this system has since been beefed up, but this demonstration showed that the car manufacturers “have a long, long way to go on securing their cars against the crafty,” the Register concludes.