Americans’ garages, those sacred suburban havens of automobiles and expensive tools, are probably more important to us than many of our online accounts. But some garages are only protected by a code whose security is equivalent to a two-character password. And security researcher Samy Kamkar can crack that laughable safeguard in seconds, with little more than a hacked child’s toy.
On Thursday, Kamkar revealed a new tool he’s created called OpenSesame, which he says can open any garage door that uses an insecure “fixed code” system for its wireless communication with a remote. Built from a discontinued Mattel toy called the IM-ME, altered with a cheap antennae and an open source hardware attachment, Kamkar’s less-than-$100 device can try every possible combination for these garage doors and open them in seconds.
Kamkar’s OpenSesame device: a reprogrammed Radica IM ME texting toy.
“It’s a huge joke,” says Kamkar, a serial hacker who works as an independent developer and consultant. “The worst case scenario is that if someone wants to break into your garage, they can use a device you wouldn’t even notice in their pocket, and within seconds the garage door is open.”
Before barricading or booby-trapping your garage against OpenSesame intruders, it’s important to note Kamkar’s exploit doesn’t work against just any garage door—only ones that respond to a “fixed code” wirelessly transmitted by a remote instead of a more secure “rolling code” that…