Renowned hacker Samy Kamkar, who came to the attention of the U.S. Secret Service and the Electronic Crimes Task Force in 2006, uncovered the glitch using a form of attack known as OpenSesame. Although the exploit only works on older models of garage door, there are still enough of them in use to make this vulnerability a concern.
“It’s a huge joke,” says Kamkar, who now works as an independent developer and consultant. “The worst case scenario is that if someone wants to break into your garage, they can use a device you wouldn’t even notice in their pocket, and within seconds the garage door is open.”
The hack works because the wireless code system is set with 12 binary DIP switches, so there are at most 4096 possible combinations. Kamkar designed a brute-force attack based on the De Bruijn sequence, and using the OpenSesame algorithm was able to crack the code in just over 8 seconds.
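To make the numbers in the paragraph above concrete, here is an added example (not Kamkar's OpenSesame code, and not taken from his GitHub repository) that quantifies the exposure of a 12-switch fixed code. It builds the standard De Bruijn sequence B(2, n) with the textbook Lyndon-word construction, checks that every 12-bit window of the sequence is a distinct code, and compares the 4107 bits that cover all 4096 codes against the 49152 bits a naive one-code-at-a-time sweep would need. The code only does the combinatorics; it assumes nothing about radio encoding or timing, which the article does not describe.

```python
from itertools import product


def de_bruijn(k: int, n: int) -> list[int]:
    """Return the cyclic De Bruijn sequence B(k, n) as a list of symbols 0..k-1.

    Uses the classic Lyndon-word (Fredricksen/Maiorana) construction; the result
    has length k**n and contains every length-n word exactly once when read
    cyclically.
    """
    a = [0] * (k * n)
    sequence: list[int] = []

    def db(t: int, p: int) -> None:
        if t > n:
            if n % p == 0:
                sequence.extend(a[1:p + 1])
        else:
            a[t] = a[t - p]
            db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                db(t + 1, t)

    db(1, 1)
    return sequence


def linear_sweep(n: int) -> list[int]:
    """Unroll B(2, n) so that a plain left-to-right scan sees every n-bit code.

    Appending the first n-1 bits turns the cyclic property into a linear one:
    the result has 2**n + n - 1 bits and 2**n distinct windows.
    """
    seq = de_bruijn(2, n)
    return seq + seq[: n - 1]


def covered_codes(bits: list[int], n: int) -> set[int]:
    """Every n-bit window in `bits`, interpreted as an integer code."""
    codes = set()
    for i in range(len(bits) - n + 1):
        window = bits[i:i + n]
        codes.add(int("".join(map(str, window)), 2))
    return codes


def transmission_cost(n: int) -> dict[str, int]:
    """Bits needed to enumerate every n-bit fixed code, naive vs. De Bruijn."""
    keyspace = 2 ** n
    return {
        "codes": keyspace,               # 12 DIP switches -> 4096 codes
        "naive_bits": n * keyspace,      # send each code in full: 49152 bits
        "de_bruijn_bits": keyspace + n - 1,  # overlapping windows: 4107 bits
    }


def all_codes_present(n: int) -> bool:
    """True when the unrolled sequence covers the whole 2**n keyspace."""
    expected = {int("".join(map(str, w)), 2) for w in product((0, 1), repeat=n)}
    return covered_codes(linear_sweep(n), n) == expected


if __name__ == "__main__":
    cost = transmission_cost(12)
    print(f"12-bit fixed codes: {cost['codes']} combinations")
    print(f"naive sweep: {cost['naive_bits']} bits; "
          f"De Bruijn sweep: {cost['de_bruijn_bits']} bits")
    print("full keyspace covered:", all_codes_present(12))
```

The point for a defender is the ratio, not the absolute figures: a 12-bit keyspace is small enough that overlapping windows let every combination be covered in barely more bits than the keyspace itself, which is why the only real fix is the one Kamkar gives below, moving to rolling codes rather than hoping the fixed code stays secret.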
To protect against the hack, Kamkar recommends upgrading to a system using rolling codes, rather than fixed ones.
“If you are using a gate or garage which uses ‘fixed codes’, to prevent this type of attack, ensure you upgrade to a system which clearly states that it’s using rolling codes, hopping codes, Security+ or Intellicode. These are not foolproof from attack, but do prevent the OpenSesame attack along with traditional brute forcing attacks.”
Kamkar uploaded a video to YouTube detailing how individuals and businesses can secure themselves against the flaw, and posted the source code on GitHub. However, the code is useless to all but those with expertise in microcontrollers, since Kamkar deliberately bricked the code to prevent it being abused.
