Slashdot Mirror

← Back to Stories (view on slashdot.org)

Opening Fixed-Code Garage Doors With a Toy In 10 Seconds

Posted by Soulskill on from the your-cardboard-boxes-and-broken-sleds-are-not-safe dept.

Trailrunner7 writes: It may be time to upgrade your garage door opener. Security researcher Samy Kamkar has developed a new technique that enables him to open almost any garage door that uses a fixed code–and he implemented it on a $12 child's toy. The attack Kamkar devised, known as OpenSesame, reduces the amount of time it takes to guess the fixed code for a garage door from several minutes down to less than 10 seconds. Most openers in commercially available garage door openers have a set of 12 dip switches, which are binary, and provide a total of 4,096 possible code combinations. This is a highly limited keyspace and is open to brute-force attacks. But even on such a small keyspace, those attacks take some time.

With a simple brute-force attack, that would take 29 minutes, Kamkar said. To begin reducing that time, he eliminated the retransmission of each code, bringing the time down to about six minutes. He then removed the wait period after each code is sent, which reduced the time even further, to about three minutes. Looking to further reduce the time, Kamkar discovered that many garage door openers use a technique known as a bit shift register. This means that when the opener receives a 12-bit code, it will test that code, and if it's incorrect, the opener will then shift out one bit and pull in one bit of the next code transmitted.

Kamkar implemented an algorithm known as the De Bruijn sequence to automate this process and then loaded his code onto a now-discontinued toy called the Mattel IM-ME. The toy was designed as a short-range texting device for kids, but Kamkar reprogrammed it using the GoodFET adapter built by Travis Goodspeed. Once that was done, Kamkar tested the device against a variety of garage door openers and discovered that the technique worked on systems manufactured by several companies, including Nortek and NSCD. It also works on older systems made by Chamberlain, Liftmaster, Stanley, Delta-3, and Moore-O-Matic.

105 comments

  1. Simply use a smart power outlet by bagboy · · Score: 2, Interesting

    and an app on your phone that you can turn on/off via wifi. Not foolproof, but certainly better.

    1. Re:Simply use a smart power outlet by Anonymous Coward · · Score: 0

      I've never seen an app for that on F-Droid.

    2. Re:Simply use a smart power outlet by Anonymous Coward · · Score: 0

      this is it. a workaround is put your garage opener on a power switch in the house. now power = no open/close.
      adds another step to put the car in the garage but I've been doing this for years.

    3. Re:Simply use a smart power outlet by Anonymous Coward · · Score: 0

      I've never seen an app for that on F-Droid.

      if this than that. IFTT would have that capability depending on the brand of power outlet. The power outlet itself would probably have its own app as well.

    4. Re:Simply use a smart power outlet by dslbrian · · Score: 1

      Indeed, inline one of these with the door opener.

      It can probably be rigged to automatically disable at night. Even better would be to disable anytime the controlling phone is out of WiFi range (not sure if that's possible).

  2. They still sell those? by Overzeetop · · Score: 4, Insightful

    It's been several years since I bought an opener...and even then I can't remember seeing a major brand that wasn't a paired-system remote.

    --
    Is it just my observation, or are there way too many stupid people in the world?
    1. Re:They still sell those? by JBMcB · · Score: 1

      That's what I was thinking. Cars with built-in garage door openers have supported paring/tumbling codes for at least 20 years.

      I'm guessing there are a LOT of old garage door openers around.

      --
      My Other Computer Is A Data General Nova III.
    2. Re:They still sell those? by Anonymous Coward · · Score: 0

      Exactly, I haven't seen an opener with dip switches for setting a code since the 1970s. I wonder how many actual doors this guy could open with this old school design hack? Everything has been rolling code for a long time now.

    3. Re:They still sell those? by Anonymous Coward · · Score: 0

      Garage door openers often last a REALLY long time. The one in my moms house is like 50+ years old and it still works perfectly. it doesn't even have a remote control..just a button inside and a key switch (like a door lock...insert key and turn to activate) on the outside.

    4. Re:They still sell those? by RenderSeven · · Score: 2

      Yep. I havent seen a fixed code DIP-switch remote for 20 years. And the last door I hacked with one only took 10 minutes brute force guessing. Even if its 29 minutes, who needs a hack? And, to do it in 10 seconds you need to know the frequency in advance.

      If you're looking for a hack for the IM_ME this Spectrum Analyzer mod looks downright cool and possibly even useful. Pretty wide frequency response too.

    5. Re:They still sell those? by Anonymous Coward · · Score: 0

      It's been several years since I bought an opener...and even then I can't remember seeing a major brand that wasn't a paired-system remote.

      You didn't see a major brand that didnt *offer* a rolling code style remote, but almost all of them (especially if you walk into any retailer and look for the cheapest opener you can find) DO sell the dip switch style systems still in their entry level products. How else do you expect them to get a premium price for the rolling code style systems?

    6. Re:They still sell those? by Anonymous Coward · · Score: 0

      I would really love to know what brand you're using that lasts "a really long time". I see the average life span to be around 10 years.

    7. Re:They still sell those? by Anonymous Coward · · Score: 0

      I fail to see how rolling code addresses brute force attack. You are just guessing current rolling code instead.

    8. Re:They still sell those? by Tailhook · · Score: 1

      I replaced a fixed code system about 10 years ago. I'm sure there are plenty of old ones still in use, but this claim that "most openers in commercially available garage door openers" are still using these ancient techniques is bogus.

      Neat hack, but it isn't the revelation this misleading story claims.

      --
      Maw! Fire up the karma burner!
    9. Re:They still sell those? by stilwebm · · Score: 2

      Most garage door openers built in the last 20 years do not use the DIP switch codes. Since the mid 1990s, most manufactures switched to shared codes with a larger keyspace (~35bit) - using the "learn" button on the opener - and in early 2000s switched to rolling codes to limit code interception vulnerability.

      Of course most garage doors are a quick pry bar movement away from opening, so security is all relative.

    10. Re:They still sell those? by Anonymous Coward · · Score: 0

      I bought an '89 house with old dip switch opener still. Was on off brand but Genie 12 bit compatible.

    11. Re:They still sell those? by Bob+the+Super+Hamste · · Score: 1

      I have a Chamberlain 3/4hp one and it is probably getting close to 20 years old now. The only issues I have had with it are that I needed to replace the springs about 5 years ago and a couple of years ago I had to replace the stupid plastic gear that the worm gear turns because it got stripped out.

      --
      Time to offend someone
    12. Re:They still sell those? by Hussman32 · · Score: 1

      My house has the original opener that isn't rolling, it was built in 1983. Rolling code technology came out in 1993, which really isn't that long ago considering how often you need to replace them.

      --
      "Who are you?" "No one of consequence." "I must know." "Get used to disappointment."
    13. Re:They still sell those? by Scotsman,+True · · Score: 0

      Wait a minute, you mean Slashdot is using hyperbole to get eyeballs? Say it ain't so!


      ;)

    14. Re:They still sell those? by Anonymous Coward · · Score: 0

      Hmmm, wonder if their quality is still holding in their new stuff. If so, when my current one goes might have to try them out. Can't remember who made my current one, but piece of crap. It's got one of those keypads, every time I program it, the keypad forgets the key in about a day.

    15. Re:They still sell those? by wcrowe · · Score: 1

      It's one of those appliances that lasts a long time and a lot of people don't think about it. I replaced my old style door about a year and a half ago, and the only reason I replaced it was because I installed it in 1995 and it suddenly occurred to me that it was easy to break into. Mechanically, the old opener worked perfectly. I am glad the new door installer wanted the old unit (he builds automatic flag-raising systems with them). At least the old unit didn't go to waste.

      --
      Proverbs 21:19
    16. Re:They still sell those? by Anonymous Coward · · Score: 0

      I have one. It's a Sears brand (pre-Craftsman) and uses dip switches.

      It may be easy to hack, but it's even easier just to kick open the side door and push the button. So I don't think it really matters.

    17. Re:They still sell those? by Anonymous Coward · · Score: 0

      And that entry level one is what a builder will pick. Besides that, go check out some houses, few of them have openers that aren't 10+ years old. These things last.

    18. Re:They still sell those? by TWX · · Score: 1

      I just took down an opener that was original equipment on my house from '79, an Allister Type IIA that was branded as a Delden Type II. It was on an accessory building so it did not need to have the sensors that doors on homes have to have, and it didn't even have a built-in receiver, one had to be added on extra if one wanted to use a radio control.

      I replaced it because I needed more ceiling clearance, so I went with a jackshaft opener. It was working fine when I took it down.

      The unit on the house itself is also pre-rolling-code, but has the capability of using the sensors for objects in the door path. A rolling-code receiver has been added and the original fixed-code mechanism disabled. I think it also dates to '79.

      --
      Do not look into laser with remaining eye.
    19. Re:They still sell those? by American+AC+in+Paris · · Score: 1

      Still plenty of openers from the 80's and 90's out there chugging away, and most homeowners aren't going to fix something that ain't broke. And while yes, a 10-second skeleton opener is "broke", that's still longer than it takes a practiced hand to pop a door or window open. Many folks are comfortable enough relying on the fact that doing either of these things lands you in very hot water with the local authorities that they're not too worried about not having reinforced locks and barred windows.

      --

      Obliteracy: Words with explosions

    20. Re:They still sell those? by jep77 · · Score: 2

      Rolling code alone doesn't address it. The length of the code is key. A MARCSTAR document from 1997 cites the code as 40 bits, over 1 trillion possibilities. If you could transmit 10,000 tries per second, it would take over 3 years to try all the possibilities. Even if you got lucky and hit the right code in the first 1% of attempts, it would still take almost 2 weeks of trying.

    21. Re:They still sell those? by Anonymous Coward · · Score: 0

      So you put a sensor to read their code and you rob the place tomorrow.

    22. Re:They still sell those? by neoritter · · Score: 1

      The one on my parents' garage is going on 20 years now. Don't know the brand off the top of my head sorry.

    23. Re:They still sell those? by Anonymous Coward · · Score: 0

      Plenty of openers from the 80's/90's are just a bunch of 555 timers and relays, with the only "smart" parts being the radio receiver board and it's brick remote control.

    24. Re:They still sell those? by swb · · Score: 1

      I use the dead bolt contraption on my door when I go out of town (and unplug the opener). I don't know how strong it is against a really big pry bar or someone using a hydraulic jack, but presumably it would frustrate the average dipshit with a small prybar.

      Really, most residential garage doors are more about keeping the weather out and a psychological barrier than a real physical barrier. I would bet you could just knock them in pretty easily unless they are made of a stronger material.

      I'd love one of those steel, high-security rollup doors in its place but it's not worth the cost, at least where I live.

    25. Re:They still sell those? by ncc74656 · · Score: 1

      Yep. I havent seen a fixed code DIP-switch remote for 20 years.

      Maybe not for garage doors, but the gate remote for my neighborhood has a block of 10 DIP switches inside. IIRC, the first two or three are flipped one way and the rest are flipped the other way (wow! such security!). Mine was issued in 2000, but the system probably was installed in '97 or '98.

      --
      20 January 2017: the End of an Error.
    26. Re:They still sell those? by arglebargle_xiv · · Score: 5, Interesting

      I've seen the exact opposite, most openers are built using shitty Princeton 2262s, which sounds like what this guy hacked. Oh, and if you've been sold a fancy "rolling-code remote", open it up and look at the hardware, if it says 2262 on the chip (or one of the many derivatives) then you've been had (many so-called rolling-code remotes aren't, the vendors just claim they are).

      In practice it's even worse than the article points out, the switches are tri-state not binary but most vendors of remotes forget that so you go from 3^n to 2^n, and then they only use 8 of the 12 pins you can toggle on because they're on one side of the chip and they forget there's more around the other side. So you go from 3^12 to 2^8 combinations, meaning you'll hit the right one after 128 tries on average. The receivers have no rate-limiting, so you can run them far faster than the vendor specifies and scan the code space in seconds. The novel thing in this case is the use of de Bruijn sequences, and the fact that he scans the entire code space in the same time a standard scanner takes for the (admittedly far too common) badly-designed ones.

    27. Re:They still sell those? by slipped_bit · · Score: 1

      Mine from 1983 is still going strong, too -- 32 years. I repaired it in 2001 when it stripped the gears. Also replaced a dried out motor capacitor at that time. It's also before the era of IR-beam sensors. It's from Sears, making it a re-branded Chamberlain or Lift-Master, as I recall.

    28. Re:They still sell those? by Demolition · · Score: 1

      My house has the original opener that isn't rolling, it was built in 1983. Rolling code technology came out in 1993 [wikipedia.org], which really isn't that long ago considering how often you need to replace them.

      Similar situation here. I have a side-by-side garage with two separate early-1980s openers manufactured by Overhead Door Company. Each opener came with two one-button remotes.

      One of the openers was damaged in 1994 (a roofing contractor backed into the door with his truck), so we ended up with the old fixed-code opener on the left door and a new rolling-code opener (also by Overhead Door) on the right. The new opener came with a pair of three-button remotes. Two buttons are strictly for rolling-code openers, but the third button can do both fixed- and rolling-code. Now, I can open both doors with one remote. Very handy.

      Anyway, the point is that some of these openers can last a long time. Like your opener, my remaining fixed-code example is verging on 33 or 34 years old. Considering how often it's opened and closed, it sometimes surprises me how it continues to operate so smoothly.

    29. Re:They still sell those? by undefinedreference · · Score: 1

      My parents have one with DIP switches from when the house was built, which was around the time I was born. No pressure plates.

      My girlfriend's grandfather has three of them, one for each of his three garage doors. I don't think any are newer than the mid-1980s, if that. One doesn't even have an optical sensor, none have the pressure plates.

      Most really don't do much work (that big spring up there is what is doing the work) and they're pretty simple, so I don't see any reason they shouldn't make it many decades. The problem is that the technology is laughably archaic and there has never been any incentive to make them better.

    30. Re:They still sell those? by Anonymous Coward · · Score: 0

      The "rolling" part means there's a new code tomorrow.

    31. Re:They still sell those? by Anonymous Coward · · Score: 0

      Difference is, if I hear my neighbour's garage door operating I'll ignore it.

      If I hear it being forced open I'll check out what's going on.

  3. There' a decent chance it's one of the big four by blueshift_1 · · Score: 2

    Let's be honest, just check all on, all off, and alternating starting at 0 and 1.

    1. Re:There' a decent chance it's one of the big four by Nukenbar · · Score: 1

      Haha. The code to my condo complex is #3.

    2. Re:There' a decent chance it's one of the big four by RenderSeven · · Score: 1

      Normally yes. But most of these were paired by the factory or professional installers who set them to more or less effectively random-ish codes. The few I've looked at had nothing I recognized as blatantly stupid.

  4. Re:So he built a garage door opener. by bill_mcgonigle · · Score: 3

    The algorithm work is a good insight. The use of the toy is probably just for press coverage purposes, which may be a good strategy to get the word out and nudge social pressure to improve the industry.

    All the hackers already know he probably could have build a transmitter with Sparkfun parts faster and for less money, so we should try to understand his methods rather than just dismissing them.

    Not every security researcher is a PR genius, but the odds are much better than a Slashdot AC.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  5. Bad men could do bad things with this tech! by Anonymous Coward · · Score: 0

    Bad men with bad intentions could do bad things with this technology!

    They could open your garage door and steal your car, or your power tools, or your bicycles, or your fishing equipment, or even your baseball bat and your baseball glove! Your golf clubs are not safe. The old IBM PC XT you keep in there would not be safe.

    Please, people, be careful! Watch out for bad men with bad intentions that could do bad things with this technology!

    1. Re: Bad men could do bad things with this tech! by Anonymous Coward · · Score: 0

      My parents never lock the door from the house into the garage. They just trust that thegarage door won't be easy to open. The reality is that they've always been safe because the world is an essentially safe and good place, but they like to think the garage door keeps them safe.

    2. Re: Bad men could do bad things with this tech! by ibpooks · · Score: 3, Informative

      Why does it matter? The garage probably has a dozen different tools and garden or sports implements hanging on the wall that would make opening the door a trivial exercise whether locked or not. A person willing to break into the house once would certainly have no problem doing it twice.

    3. Re: Bad men could do bad things with this tech! by Anonymous Coward · · Score: 0

      Why does it matter? The garage probably has a dozen different tools and garden or sports implements hanging on the wall that would make opening the door a trivial exercise whether locked or not. A person willing to break into the house once would certainly have no problem doing it twice.

      LOL. I recently bought a house. The seller gave us keys for the front door, but didn't have a key for the lock going from the house to the garage. The very day we got possession of the house, we went over there to check some things out, then left. When we left through the garage, we locked the door (forgetting we didn't have a key to it). We also forgot that when we were in there, we discovered that the front door has a deadbolt that has no outside key and we locked it.

      So when we came back, we could unlock the front door but not open it because of the 1-way deadbolt. Then we went to the garage and it was locked, and we had no key. So as I sit there in the garage wondering how to "break into" my own house, I debated 3 options
      1) call a locksmith (not cheap)
      2) kick the door in (damage the door frame...not cheap)
      3) drill out the lock on the door handle (probably the cheapest of the 3 options, but time consuming)

      As I'm trying to decide which option to choose, I start looking at the door frame to see how much damage #2 might do. As I do, I can see some light coming through between the trim. Then I notice I can see the latch for the door handle. I look to my right and there's one of those gardening weed puller tools. 5 seconds later, I'm back inside my new house, no damage done other than some trim popped out a bit more.

    4. Re: Bad men could do bad things with this tech! by Anonymous Coward · · Score: 0

      If the garage door had no deadbolt, you can pretty much open those with a credit card faster than you can with the key.

  6. Re:So he built a garage door opener. by sexconker · · Score: 1

    The only thing remotely interesting is the bit about the openers trying all codes in a rolling window.
    If you send 01010101010110101010100 it tests, 01010100, 101010100, 10101010, 0101010100, etc. It's essentially doing a find operation for the code (be it 8 bits, 12, or whatever) in the entire mess of shit that you send it.
    Knowing this, the only work you need to do in the attack is work out the timing of sending a string that contains all 4096 combinations.

  7. Ah sweet nostalgia... by fustakrakich · · Score: 2

    I remember the garage door opening and closing with every damn airliner flying overhead on finals.

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:Ah sweet nostalgia... by Anonymous Coward · · Score: 1

      A friend of mine did this in KC,MO in 1985 for a design lab project. Back then every garage door opener used dip switches to setup the code. He built a small transmitter powered 12V car port and used a DAC to do the binary count that was then transmitted as the code. He was a really bright kid and got his A in the class. He was also asked to dismantle it and never build it again. 8^)

      We tested it by driving through neighborhoods and letting it run in a loop. We could open just about every garage door on a street as we drive by. Not exactly a new idea. He just used a newer platform to run it on.

  8. Or... by SuperKendall · · Score: 1

    This really brings to mind the XKCD comic about the wrench and the password...

    You could spend a lot of effort hacking an opener OR just break a window and go in to get the better stuff.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Or... by Anonymous Coward · · Score: 0

      PROTIP: the feds don't "smash and peek" they "sneak and peek". They almost certainly already have this device.

      It brings to mind all the idiots who justify fraud to me by claiming "what they don't know isn't hurting them". A year from now when your wife goes to get the special occasion jewelry and... hm... maybe she left it somewhere else.

  9. Re:So he built a garage door opener. by antiperimetaparalogo · · Score: 1

    I am not a "hacher" (nor a burglair!), but it was baffling for me why he used a toy and not build it himself, so: good points about the "press coverage purposes"!

    --
    Antisthenes: "Wisdom begins by examining the words/names." - excuse my English, i am (slightly...) better with my Greek!
  10. CB Radio by krray · · Score: 1

    Ah, I remember the old days. Driving around the neighborhood and keying up the mic on the CB radio. One of the channels would open dozens of doors around the neighborhood...

    1. Re:CB Radio by 0bject · · Score: 1

      We had to unplug our garage door when we wanted to play with our RC car or the door would go up and down.

  11. Fun hack of dubious value by countSudoku() · · Score: 1

    Pretty cute to house it in a child's toy when you can go to the hardware store and buy a universal garage door opener remote for $30 which already has all the codes you would need and instructions on how to open every brand. Then, to get the "loot" (broken things, my awesome gas-power mower, various motoring fluids, sweet Guitar Hero guitars and a drum set (that's got to be worth $8), other low-tech child's toys, a shitty ladder, a shitty mop, and some other really shitty stuff) you merely have to disguise your rape van to look like a laundry delivery service van(or NSA surveillance van, your choice) so you can do your nearby attack, in the middle of the daytime. Good luck with that!

    There are some valuables inside the main house, but now you have to break in there too. Still, many folks consider this a viable option than to read some books, get some skills and make better money at a real job, but that's too hard. HAHAHAHAHA!!1! What dopes.

    --
    This is the NSA, we're gonna geet U h@x0r5! Also, what is a h@x0r5?
    1. Re:Fun hack of dubious value by Anonymous Coward · · Score: 0

      It isn't the crap in your garage that thieves are after.

      A lot of people close the garage door but leave the pass door into the house unlocked. If you can open the garage door you are in the house with no damage to the exterior. You have all the time in the world to do what ever it is you went in to do. In my house you will find all kinds of tools that will get you through the pass door anyway so it doesn't really matter.

    2. Re:Fun hack of dubious value by PIBM · · Score: 1

      If the alarm system is activated (no one at home) and the garage door open and the rfid of one of the cars aren't detected in a specific amount of time (detection confirmation by opening the lights for the next 5 minutes) the silent alarm is triggered. Why isn't that standard ?

    3. Re:Fun hack of dubious value by Anonymous Coward · · Score: 0

      Because that awesome person known as YOU, has not commercialized it yet.

  12. Good Dog by pubwvj · · Score: 1

    This is when you begin to understand how much better a dog is than a garage door.

    1. Re:Good Dog by Bob+the+Super+Hamste · · Score: 2

      Unless that dog is my sister's fucking malamute. It thinks everyone that shows up is there to feed it or let it out to play.

      --
      Time to offend someone
    2. Re:Good Dog by jep77 · · Score: 1

      Wait a second... I left my garage door so I can park my car inside. If I lift my dog and then move the car forward, I'm going to smash into the house!

    3. Re:Good Dog by jep77 · · Score: 1

      Lift. I lift my garage door. Stupid vowels.

  13. or the old way by beefoot · · Score: 1

    Most garage door I've seen are secured with a simple latch. How about pry open the bottom of the door and pull it up. I'm sure it takes less than a few seconds. No?

    1. Re:or the old way by Gilgaron · · Score: 1

      Yeah, my neighbor's house caught fire when they weren't there and before the firemen went in a policeman opened the garage door with a pry bar in about 3 seconds reaching through the top. Looked like he disengaged the chain.

  14. He hacked the garage doors by Anonymous Coward · · Score: 0

    So how long before he is arrested?

    1. Re:He hacked the garage doors by mOzone · · Score: 1

      this has been out in other forms since 2000s https://myspace.com/householdh...

      if you dig around you can buy them prebuilt for police use etc etc

      police ones open tons of doors

  15. WTF? by Anonymous Coward · · Score: 0

    "To begin reducing that time, he eliminated the retransmission of each code" What? If you retransmit each code, it obviously will take twice as long as necessary. The article says "removing redundant transmissions", but that's rather vague And seriously, this malicious attention-seeker is in the news because he managed to defeat technology that was obsolete decades ago a bit faster than everyone who's done it before?

    1. Re:WTF? by Half-pint+HAL · · Score: 1

      Journalist fails to understand technology shocker! This is just another way of stating that the attack exploits the bit-shift behaviour.

      --
      Got them moderator blues I blieve I walk out the do', With these mod-points I been gettin', I 'most never post no mo'
    2. Re:WTF? by Nonesuch · · Score: 1

      It's right in the summary, "...algorithm known as the De Bruijn sequence", named after the Dutch mathematician Nicolaas Govert de Bruijn, The algorithm is interesting and actually has a number of other practical applications beyond breaking weak codes.

      --

      I do not deploy Linux. Ever.
  16. This is why I don't like remote car locks by davidwr · · Score: 2

    Because in 10 years, I can't be sure that a "hack-resistant" car lock on the 2015 car buy today will be any stronger than these garage-door openers are now.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:This is why I don't like remote car locks by Anonymous Coward · · Score: 0

      Remote car locks are about convenience and safety, and possibly protecting the paint around your door handle.

      Stealing somebody's keys at the shopping mall used to provide little value because you'd have to first determine which car they belonged to by filtering by make and trying each by hand. Nowadays, keys have built in locator devices whereby you can press a button on the key and the vehicle will announce itself.

      It is a bit convenient to be able to open the car from a few feet away (say, from the couch when your spouse or kid needs to get something out of it, or inside after you've brought the groceries in in the rain), but I don't know if it is any more secure.

    2. Re:This is why I don't like remote car locks by Anonymous Coward · · Score: 0

      >and possibly protecting the paint around your door handle.

      One more bonus: Frozen lock cylinders don't keep you from getting in.

      That alone is worth having keyless entry for.

    3. Re:This is why I don't like remote car locks by Anonymous Coward · · Score: 0

      It only takes a minute to turn off the audible response for things like remote lock/remote start. The lights still flash, but at least it's silent. First thing I did when my dog went nuts the winter after I bought my car and used remote start to warm it up for my ride into work.

      That said, it's just a car. Take it. I have insurance and can get another.

      However, having your house broken into is psychologically scarring.

  17. Re:So he built a garage door opener. by Anonymous Coward · · Score: 0

    Of course it is for the press.

    Build a universal garage door opener using basic parts: "Of course he could do that - he's an electronics wizard. We don't have to worry - the common thug can't do that."

    Building it with a toy as base may actually be more work & more money, but: "He opens any garage door with a common toy! Panic! Soon, all burglars have that toy!"

  18. I sincerely hope... by chispito · · Score: 1

    I sincerely hope he didn't test it in a densely populated neighborhood. I imagine garage doors around the block opening and closing as he's standing there with his test unit, "Nope, let's try this... Nope, let's try this..."

    --
    The Daddy casts sleep on the Baby. The Baby resists!
  19. Why the garage ? by Anonymous Coward · · Score: 0

    A trip around the back side of the house and you can either force the door or a window in less time than this.

    Open the damn garage from the inside if you want it opened so badly.

    Yeah, we know fixed code is old and vulnerable. The doors and windows are even more so.

    Go old school and put your garage power head on a timer that only gives it power certain times of day, or just go buy a new one. They're not all that expensive

    1. Re:Why the garage ? by Anonymous Coward · · Score: 3, Interesting

      Wrong. You drive down any street with your toy and find a door that opens, you now know for sure you have access without ever leaving the getaway vehicle. Most people don't lock their inside garage door and the bad guys know this.

      No one even knows you opened the garage door, for all they know someone inside the house did.

      Once you go over the backyard fence, you've committed a crime, and you still don't know if you can actually get inside.

      Getting the garage door code minimizes your risk.

      I know to think this way because I used to live in a neighborhood destroyed by the housing bubble, crime, including drive by shootings, went off the charts, we had to start a block watch, and the local PD rep told us lots of scary stuff.

    2. Re:Why the garage ? by mattack2 · · Score: 0

      Most people don't lock their inside garage door and the bad guys know this.

      Citation needed.. Really?? I basically always lock all of my doors when I walk in the door, and I only put the "basically" in there for the literally one or two times I've forgotten and freaked out in the morning when I realized I didn't lock it.

    3. Re:Why the garage ? by amiga3D · · Score: 2

      He did say most, not all. Even then I doubt that it's most but I'd bet that it's a significant amount. Even if it's only 10 percent that's one out of 10. Not bad for quick and easy.

    4. Re:Why the garage ? by peragrin · · Score: 1

      I would put it closer to fifty percent.

      However once the garage is ready. You can then close the garage and work inside which muffles the sounds of breaking a lock and jam nicely. And even if some one hears something they can't see it.

      --
      i thought once I was found, but it was only a dream.
    5. Re:Why the garage ? by mysidia · · Score: 1

      Most people don't lock their inside garage door and the bad guys know this.

      Even if you do... the garage may be seen as a "great place to hide"

      If the thieves happen to know you're on vacation, they can get into the garage with the remote code.. close the door behind them. Cut power to the opener...

      And break-in at their leisure; using all the screwdrivers and power tools people often leave in their garage.

      Another concern is that in the event the bad guy set off a burglar alarm; no worries -- all they have to do is hang tight, bide their time while they locate and destroy or cut all the cables on the control box, and the police will come and leave, because; "Everything looks secure. No signs of forced entry. Looks like a false alarm."

      Once the authorities have been away for 15 minutes, proceed, with noone the wiser.

      Best to put a physical locking mechanism on that door that will require an assault that creates evidence of entry.

    6. Re:Why the garage ? by PrimaryConsult · · Score: 1

      Depends on the neighborhood... before I moved to an apartment building I had a roommate who lost his key. For months (eventually we gave up searching and got a replacement), we just didn't bother to lock the door unless we were both home.

      We would also regularly leave the back door unlocked.

      The cat escaped by opening the front door, and the actual door was wide open for hours that day.

      As has been said, the windows are a far more vulnerable target. If they decided to enter your home they are going to. Hell the first day my forgetful roommate got back without his key he simply opened the window on the porch and climbed in!

    7. Re:Why the garage ? by mysidia · · Score: 1

      I think most res. garage door openers these days are rolling code.... all the reasonably-rated openers i've seen for sale today are rolling code not fixed.

      On the other hand, even if you do have a rolling code opener it's likely vulnerable to.... the coat hanger attack on the backup release, which I understand takes a practiced person about 10 seconds and doesn't matter whether it's a fixed code or rolling code opener.

    8. Re:Why the garage ? by Anonymous Coward · · Score: 0

      I had a new garage door opener installed last month, and the company still can't get it to respond to a remote reliably. What's Kamkar's phone number?

    9. Re:Why the garage ? by amiga3D · · Score: 1

      New doors may be immune but how many 20 year or older doors are out there?

  20. It's very easy... by Anonymous Coward · · Score: 0

    I used to run a 100 watt linear amplifier on my CB radio, it would open garage doors, set off alarms, interfere (bleedover) TVs and radios, etc. Which is why I've unpluged my garage door opener.

  21. Oh, think of the fun... by Anonymous Coward · · Score: 0

    Attach one of these with a directional booster antenna to the top of a slow moving google maps car, and we'll see what REALLY goes on in the garages of America!

    Please remember to close it on the way out.

  22. It's just one long code by Anonymous Coward · · Score: 0

    How is that a "new technique"?

  23. How it's done in this neighbourhood by Maow · · Score: 1

    Thieves just take some type of sharp blade, cut a "V" shape into the garage door, reach in (likely with a hooked tool), pull the manual T-shaped handle that's connected with a rope to the locking latch mechanism, tug it, door's unlocked.

    I counted about 10 such damage marks between 49th and 54th Ave in one laneway.

    1. Re:How it's done in this neighbourhood by Darinbob · · Score: 1

      True. No one should rely on their garage door as a security mechanism. Don't keep valuables in the garage. If someone wants to steal your car then the best lock in the world won't keep them out if your door isn't steal or you have glass windows.

    2. Re:How it's done in this neighbourhood by Maow · · Score: 1

      Indeed.

      One neighbour, behind us, had their garage door sliced open on one occassion, and on another had the car in their car port broken into.

      The thief was a particularly nasty prick, as they used a pry bar to pry the driver's door open, using the roof as a fulcrum.

      The door was bent enough to reach inside and the roof was dented.

      When all the thieving bastard had to do was break glass. Thousands of dollars damage instead of low hundreds.

      Prick.

      Another neighbour, two doors up from them, had their door sliced and the freezer full of food in there was emptied. Frozen food!

      I had my catalytic converter stolen...

      I hate thieves.

  24. Doing things the hard way. by Anonymous Coward · · Score: 0

    Sounds like more trouble than just breaking into my garage.

    Doesn't seem like time to upgrade anything.

  25. 2012 called by mOzone · · Score: 1

    https://myspace.com/householdh...

    http://www.shomer-tec.com/inde...
    use to sell one that would do any older door in under 2 mins

    and a couple of other websites showing code transmit open/close errors etc etc
    dude didnt have to alter-code this is been out there for around 12 years

  26. I know what I'm doing this weekend by Anonymous Coward · · Score: 0

    I bought two of those IM-ME brand new a few years back for about $10. Time to pull them out and have some fun.

  27. Actually, it's ternary. by Anonymous Coward · · Score: 0

    The DIP switches in the remotes I've seen have three positions - low, mid, and high.

    Okay, so it's 3^12 instead of 2^12 combinations.

  28. Not a big deal by sk999 · · Score: 1

    Hacking my garage door opener is the hard way in. The left garage door and side door are both unlocked and open much faster. It's detached from the house - all you could steal are rusty tools and flower pots.

  29. Re:So he built a garage door opener. by Anonymous Coward · · Score: 0

    yeah... fixed code. Otherwise your first task would be to weed out this kind of lame bruteforce attacks.

  30. Upgrade kits by rwa2 · · Score: 1

    It's been several years since I bought an opener...and even then I can't remember seeing a major brand that wasn't a paired-system remote.

    Argh, damn you Slashdot, get out of my Amazon purchase history!
    http://www.amazon.com/gp/produ...

    I guess 1993 was about when the garage door companies standardized on the the rolling-code thingy that has to be paired to each remote.

    Though now I'm kicking myself for not just building my own https garage door opener using
    http://www.instructables.com/i... so I can let the kids in remotely when they forget their keys.

  31. on 'Bewitched' by Anonymous Coward · · Score: 0

    I remember an episode of 'Bewitched' where low-flying aircraft triggered a garage door. Maybe these remotes have switched to digital since then but they're not treated as keys 'to the kingdom', like a car remote. Even that happened only after industry insiders showed that transmissions from car remotes could be recorded and then played to unlock a car. Once again, when security goes high-tech, the technology used is cheap and nasty.

  32. Toys for grown ups. by Col.+Bloodnok · · Score: 1

    I have two of those toys on my desk right now, they are useful dev kits for the TI CC1110 microcontroller - an 8051 based core with 32K flash and 4K RAM.

    You also get a CC1111 part inside the wireless dongle which comes with it.

    If you look at the PCB in the device, it is a hardware hackers dream. The debug port is broken out onto pads inside the battery compartment, and there are test pads all over.

    The SPI screen is bitmap addressable and the keyboard is sanely wired up. You even get a piezo buzzer and 2 LEDs under software control.

    It also runs at 2.5V on 3 AA cells, via a pretty nice LDO regulator that cuts out at 2.9V, so a set of NiMH cells will run down to 1V per cell, squeezing out almost every last drop of juice.

    One of my IM-MEs cost £1, I forget what I paid for the other one, but it wasn't over a fiver.

  33. New wife time? by RockDoctor · · Score: 1

    It may be time to upgrade your garage door opener

    This time I'll get a model with better suction, three holes and a more understanding attitude.

    --
    Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  34. 2600 by johnsnails · · Score: 1

    2600 had a similar article that covers this called 'Brute forcing PIN Code keypads using combinational mathematics' in Spring 2014, uses the same technique to minimise the number of digits needed to crack an electronic pin lock.

  35. DarinBob = "Run, Forrest: RUN!!!" by Anonymous Coward · · Score: 0

    See subject "Forrest" & this -> http://tech.slashdot.org/comme...