Beware: How Hackers are Magically Opening Garage Door

Technology Doesn’t Need to Be Magic

Arthur C. Clarke, author of 2001: A Space Odyssey, stated that “any sufficiently advanced technology is indistinguishable from magic.” When a hacker is able to open your garage door remotely with little effort, it comes across as someone breaking into your home by waving a wand and saying “open sesame.”

When Arthur C. Clark referred to technology as magic, he was speaking about his third law of discovery. However, his quote hits home for all different types of exploits that hackers can use to compromise the security of technology that appears safe and innocuous, such as remote garage door openers. Instead of considering hacker technology as magic, learn about how it works and prevent attacks from happening to your own home.

Reduced Security

Garage doors were pretty straightforward until the post‑WW2 era. Although first invented in 1926, electric openers only became popular after the war was won. These initial innovations consisted of a closed wire system that linked the door with a button that could be pressed while inside the car.

As radio technology progressed and the first set of wireless remotes were being developed, garage door openers adapted this new technology into the system, allowing the driver to carry the remote with them wherever they go. The first set of remotes transmitted a simple code along a common frequency and the first garage doors to use this technology used the same frequencies and codes, which allowed one opener to access all garages.

Forced to adapt, the manufacturers of remote garage door openers put in a series of dipswitches set to the “on” or “off” position, which acted as the code. This fixed code technology worked well because a series of 12 dip switches create 4,096 possible settings, requiring a lot of time to find the settings that open the door.

However, contemporary computers can cycle through 4,096 possible settings in less than a blink of an eye. Aided by computers, thieves can bypass fixed code remotes quickly by resorting to a “brute force” that quickly floods the receiver with all the possible combinations until the right one opens the door.

Hacking a Fixed Code Remote Garage Door: Child’s Play?

Using a pink, plastic, discontinued text messaging toy manufactured by Mattel, security expert Samy Kamkar was able to easily modify the device to perform a brute force hack on his own garage door. All it took was an inexpensive antenna add‑on and an open source hardware interface that allowed him to tweak the software of the toy.

At first, the device took just under half an hour to send each potential opening signal. Over time, he tweaked the setting, applying mathematical algorithms that reduced the amount of guesses required and other design features to lower the duration of a successful attack to less than a minute.

Appropriately, he calls this device “OpenSesame”. Unlike his other projects, which include taking over drones wirelessly, Samy released his code publicly to get manufacturers to alter their remote control devices for greater safety. Due to the fact that he considers his home hacks as dangerous, he altered the code to make it unusable for common criminals.

Rolling Code Remotes Reduce the Risk

One way that manufacturers have combatted brute force attacks is through rolling codes, which changes the code every time the remote control is used. This makes a correct guess exceedingly unlikely, while combatting against brute force hacks.

However, Samy has developed a method of getting around rolling codes, which he called the “Rolljam”. A pair of radios jam the signal while a third device steals the code that was used in an attempt to open the door. The fact that the receiver doesn’t get the signal prevents the system from rolling over to the next code, enabling the hacker to use the stolen code without rollover.

In addition to remote garage door openers, this hack has been successfully used on remotes for cars as well, including Volkswagen, Ford and Toyota vehicles. After Samy revealed the latest hack, remote manufacturers changed the system once again, this time making the codes expire quicker.

Protect Your Garage From Hacks

Older garage doors use the fixed code system. In fact, doors that aren’t a decade old still use fixed code systems. Search the manufacturer and the model of your garage door opener to ensure that the remote uses rolling codes, Security+ and other systems that aren’t easy to hack. You can even open the remote itself to see if it contains dip switches, which is a dead giveaway that your door isn’t secure.

If your remote opener is vulnerable, or if you’re looking to replace your garage door, contact us at Environmental Door to find out more about the safety features built into new installations, including Security+ and rolling code remote openers. Remember that technology only appears to be magic when you don’t learn about the machinery behind the curtain.