An electronics geek has devised a way to help thieves. Wouldn’t it be nice if people like this applied their talents to something that would actually help the general public?
This “geek” needs to be in jail.
This "geek" needs to be in jail.
When he commits a crime yea. But making a device that criminals use to to hurt people isn’t a crime.
“making a device that criminals use to to hurt people isn’t a crime.”
Of course it isn’t a crime.
But, what about decent morals and ethics?
Does this guy have either of those qualities?
I don’t think so.
It’s an interesting dilemma. On the one hand, he claims a noble purpose in forcing auto makers to improve security. On the other hand, he’s making life easier for car thieves.
In the long run, car security will probably improve. In the short run, more cars will probably be stolen.
Whitehat hacking has been going on for decades. It’s not a crime and the guy doesn’t need to be in jail.
Somebody is going to discover this vulnerability. I’d much rather it be someone who makes the vulnerability public knowledge rather than someone who uses the vulnerability to steal my car.
There is absolutely nothing whatsoever amoral about exposing security holes in a system that consumers trust to be free of security holes, especially when those holes have been known to manufacturers for years and the manufacturers ignored the problem and kept taking our money.
The ones who belong in jail are the ones claiming to sell a secure system that they know is not secure.
+1 to jesmed’s comment.
A hack like this will probably cause automakers and companies that manufacture garage door openers to improve their security, but in the process, huge numbers of “older” cars and homes are put at increased risk of theft due to this…technological advance.
Of course it isn't a crime. But, what about decent morals and ethics? Does this guy have either of those qualities? I don't think so.
I don’t disagree with that…but when do we start throwing cigarette manufacturers in jail.
"When he commits a crime yea. But making a device that criminals use to to hurt people isn’t a crime."
Well, that’s not universally applied. Care to purchase some Sarin? 
“I don’t disagree with that…but when do we start throwing cigarette manufacturers in jail.”
I would argue that you shouldn’t do that because it isn’t the appropriate role of government to force the citizenry to make healthy choices: their job is to make sure everyone who reaches adulthood knows the risks…and then trust them, as sovereign beings, to make choices (and live with the consequences thereof.) I realize, however, that this is one man’s opinion, and many today expect government to be a perpetual “au pair” to its citizens.
This hack can be defeated by having on hand a second decoy fob with a useless code (like an old fob from another car).
Press that after opening your car and the RollJam will store a useless code.
*I* would argue that you shouldn't do that because it isn't the appropriate role of government to force the citizenry to make healthy choices
I don’t agree with it either. I do think it’s appropriate it to call out people like this…but I don’t see any laws broken. If he used the device himself to steal a car…that would be a different story.
As a manager of software development at a telecom company I deal with people like this all the time. We are constantly monitoring the hacker community and the software they write and sell. Until it’s being used by someone there’s nothing we can do.
Well I guess anything that goes through the air instead of hard wired is susceptible and we shouldn’t feel so secure. The thing is that I have two garage doors with openers and the outside key pad and key access. All they have to do is pull the key pad off the wall and short the wires off and the door will open. They don’t need no code scanner. I guess maybe I should just put the slide lock back on the doors for extended absences.
The thing is, I think this is going to appeal to stalkers more than thieves. I get so tired of this. People attacked on bike trails . . . I guess you just have to arm yourself.
What I have been doing, is I use a steering wheel lock (The Club) when my car is new and I’m parking in a spot that is even remotely questionable. I continue this use until the car is 2 years old.
And never leave anything valuable in the car.
The thing is, this hacker’s box does nothing a thief could not do by breaking a window. He still needs to start the engine and drive the car away. (But perhaps cars that have pushbutton starter are an exception, dunno.)
What I have been doing, is I use a steering wheel lock (The Club) when my car is new and I'm parking in a spot that is even remotely questionable. I continue this use until the car is 2 years old.
Check Youtube…there are videos of teenage kids disabling the club in less then a minute.
^ With the increase in power of simple hand-held, battery-powered saws, I’d club-like devices aren’t all they once were. But then, you don’t have to be theft-proof: just harder to steal than an equivalent target. Like the joke goes, "I don’t have to outrun the bear…I just have to outrun you!"
P.S. I wouldn’t call this hacker “white hat”–more like “grey hat”–out to make money off of his invention, and let the chips fall where they may.
All they have to do is pull the key pad off the wall and short the wires off and the door will open.
That’s one reason the new ones are just pin-protected remote transmitters. You can pull it off the wall, but there won’t be anything to short behind it.
I also like the new ones which are internet-capable. If someone does manage to trick my door into opening, I’ll get an alert on my phone instantly (and the cameras in the garage will record what they’re doing, which I can also see on my phone immediately).
(But perhaps cars that have pushbutton starter are an exception, dunno.)
I can’t imagine they would be – modern ignitions have a chip in the key that tells the car the key is there and therefore it’s OK to start. There’s no functional difference between completing the circuit by turning the key, and completing the circuit by pushing a button - your key still needs to be in the car for it to start.
The hacker would have to trick your car into thinking your key was there, which would be trickier than just sending the unlock command.
One thing I’m noticing about these attention grabbing headlines is that they’re making an awfully big deal out of what hackers can do to your car (hacker activates brakes on a Corvette by remote!) without pointing out that in most cases you either have to do something dumb (like plugging in that driving monitor from the insurance company, which is full of holes and easy to hack) or the hacker has to gain physical access to the car.
I remember one where they did a demo - the hacker sat in the passenger seat with a laptop hooked up to the ECU and was doing all sorts of things like changing the climate control, making the brake warning light come on, etc. And the news story that showed this acted like it meant hackers were going to take over our cars and everyone would die.
The whole issue has been overhyped to ridiculous extremes.
"I also like the new ones which are internet-capable. If someone *does* manage to trick my door into opening, I'll get an alert on my phone instantly (and the cameras in the garage will record what they're doing, which I can also see on my phone immediately)"
If it’s connected to the internet, then a hacker anywhere can break in, and also turn off the alert and turn off the cameras.
There is no way I would put an internet connected front door lock on my house, you might as well leave the door open.
Perhaps I’m being paranoid…
It’s healthy for hackers of any type to publicize their findings. We all end up with more secure products in the long run.
If it's connected to the internet, then a hacker anywhere can break in, and also turn off the alert and turn off the cameras.
The internet isn’t the hive of scum and villany people make it out to be. No one is going to try and hack their way into my garage door because there are easier targets that don’t require hacking, like the people who leave their doors open from sun up to sun down.
Even if they do try, they’ll have to get through multiple layers of security (including knowing which garage door is mine of the thousands in the database), and since they won’t be logging in from a recognized computer there will be a text message sent to my phone which I have to respond to in order to authorize their logging in.
The cameras and garage door are on two different systems, so if they break into one, they still won’t have access to the other. I personally manage all the security for the camera systems, and, well, if they can break into that then they’re good enough to go for more lucrative targets that have jewels and rare exotic cars locked inside. They’re not gonna be cruising my neighborhood when they could make millions somewhere else.
Even if they break in and steal the camera’s recording device physically, it uploads pictures of alerts to my phone, so then they’re gonna have to come find me personally and steal my phone… And my phone’s account since those pictures are stored off-device.
In other words… Yeah, you’re bein’ a little paranoid. 
"The internet isn’t the hive of scum and villany people make it out to be. "
Oh, sure it is.