Have you ever wondered why keyless remotes have to be programmed to a car before they work, or why your car’s remote never inadvertently unlocks another car in a crowded mall parking lot? It is because keyless entry and remote start systems use something called rolling code technology. The concept is simple. Every time a signal is sent from your remote to your car, a unique passcode is sent with it to verify the authenticity of the remote used to send the signal. Once a code has been used, it is never used again – preventing the possibility of someone snatching that code out of the air during transmission and using it to gain access at a later time. But this rolling code technology has a well-known flaw – one that, with a little help from you, makes it easy for someone to circumvent the entire system and access your property. All it takes is a $30 homemade device designed by privacy and security research Samy Kamkar.
If the device is being used against you, you probably won’t even know it. It works by blocking the signal from your remote the first time you attempt to use it. Since the signal never reaches your car’s onboard computer, the code sent with it isn’t scratched off the list and can be used later. To you, it appears your remote didn’t work, so you try again. This time, the device allows the signal and code to pass – leaving you to think nothing of it. Later on, the hacker using the device comes back and uses the stored code to unlock your car – leaving you with no explanation as to how your stuff came up missing from your locked car. Kamkar has tested his device on a variety of models from domestic manufacturers, including Ford, Cadillac and Chrysler, as well as models from Volkswagen and Nissan with success. Kamkar claims the solution to this vulnerability is as simple as implementing expiration periods on the rolling codes before they are transmitted.
Read on to see my interpretation of the device and its compenents.
Continue reading for the full story.
from Top Speed http://ift.tt/1N3LSjs
via IFTTT
Aucun commentaire:
Enregistrer un commentaire