This $12 toy can open a garage door in seconds

What is this:

Samy Kamkar – a security researcher has developed a method that enables him to open almost any garage door that uses an insecure “fixed code” system in seconds. The device he built called OpenSesame, using a new attack he’s discovered, to reduce the time needed to guess the code to open the garage.

IM-ME

It is built from a discontinued Mattel toy, called the IM-ME. The IM-ME is a defunct toy and Mattel no longer produces it, but if you are lucky, you can find it on Amazon or eBay with prices varying from $12 to $100.

How does this work:

The issue with fixed code is their limited keyspace. For example, a common garage uses an 8-12 bit code. They are binary and since the password that opens the garage is fixed, there are only 256 to 4096 possible combinations. We can see even the 2-character password is more secure than the 12-bit binary dip switches.

Kamkar starts with a normal brute-force attack, and it took around 29 minutes. He says that normally a single click sends the same code 5 times. It takes 2ms to send each bit and also a 2ms wait period per bit after the entire code is sent. That is why to break the 12-bit code, we have to send a total of 98304 bits to produce every 12-bit code and wait period. This is not bad, but he felt that there was a need to reduce the time.

First, he stops retransmitting each code. This of course significantly reduces the amount of time by 5 times.  This is a great improvement, however, reducing the time can even be more effective if we can eliminate the waiting period between sent codes. In order to achieve that, the number of codes we send must be as few as possible. In the best scenario, we could send just only one code.

He realizes that the “fixed code” garage uses a bit shift register to decode the received codes if it works or not. This is actually a weak link of the system since this makes the method above possible. By using a bit shift register method, when encountering an incorrect code, instead of clearing it, the garage will just shift out one bit and pull in one bit of the next code transmitted. Let’s say our garage password is 1010 which is a 4-bit code. If we send a code “11010”, the garage will first test 1101 (incorrect). Then, it removes the first bit and pulls the next one bit which becomes 1010 (correct). That means, instead of sending 12 bits (to test two 4-bits codes and a 4-bits wait period), we just need to send 5 bits. Kamkar uses an algorithm called the De Bruijn sequence. The method produces a single code that uses as few bits as possible and includes every possible combination of (in this case) 12-bits code. By using this method, he calculates that a total of bits to send are 4107 bits, only around 4 percents compare to the normal method (98304 bits).

An Example of a 3-bits OpenSesame Attack https://samy.pl/opensesame/

How to prevent it:

If one owns a house that is built in 1995 and before, they will most likely have a fixed code garage door opener and face a high risk of security.

Basically, this method only works with garages that use fixed code. To prevent this type of attack or any traditional brute-forcing attack, Kamkar suggests an upgrade to a system that uses rolling codes, hopping codes, etc… 

References:

https://samy.pl/opensesame/

https://hackaday.com/2015/06/08/hacking-the-im-me-to-open-garages/

https://www.wired.com/2015/06/hacked-kids-toy-opens-garage-doors-seconds/

Join the Conversation

42 Comments

  1. Interesting read. It’s hard to imagine a guy was able to use a kid’s toy to break a garage lock in seconds. I really like that you talked about password because it feels like it has been a long time since we did that chapter on how to choose a secure password. Thanks for refreshing my memory. Since this lock was made back in 1990’s, hackers will have many ways to break it because the lock’s security has not been updated to the latest methods. Thanks to kamkar for making the owner’s of the garage aware, how easy it is to break their code and what they need to do in order to prevent it from happening again.

  2. Great post, I love how the title sounds very “click-bait-y”, but the post does indeed explain how a $12 toy can be used to hack garages haha. My house is an older house, and so this article gave me a bit of a scare; thankfully the garage door opener was replaced relatively recently. (The replacement was due to the original not working, but I’m glad to hear that it has also made my house a bit more secure!)

  3. This is an interesting read. It shows how resourceful a hacker can be and how something appearing to be insignificant (IM-ME) can actually pose serious security and privacy risks for some people. Keeping our own security systems updated to the most recent version is an important step for preventing these kinds of attacks. However, I live in an apartment right now, so sucks to be any potential hacker! (Unless they find a way to copy my own electric key…).

  4. Very interesting post here.
    It is intimidating to think that such a tool can be used to open garage locks. Even for my family, we use garage locks even though we have the inside door locked too. This post shows why it is important to upgrade locks so that they are more secure. Sometimes it might just seem like an additional cost to worry about, but advanced technology can help protect belongings. Very important to at least have locks with more complex codes like 0-9 digits and a longer one.

  5. Very interesting post! Prior to reading this post, I was entirely unfamiliar with “OpenSesame.” I find it quite fascinating that OpenSesame has the ability to wirelessly open any fixed-code garage door within seconds, by exploiting an attack in wireless fixed-pin devices. I find it even more intriguing that Samy Kamkar developed this device using the Mattel IM-ME toy; which speaks to his incredible creativity. You would think that anyone who had this particular Mattel toy would be able to employ such attacks for the purpose of opening garage doors, however, Kamkar is smart; he intentionally bricked the code to prevent it from being abused. Essentially, unless you are an expert in RF and micro-controllers, it would be difficult for you to modify the code for a functional purpose. Although my garage would not be susceptible to such an attack, many garages currently employ fixed codes, and thus, are at a high-risk of being exploited by a $12-toy. What a world we are living in!

  6. This is a very interesting post. It makes me consider all of the legacy technologies we use everyday that have no real protection against modern cyber attacks, and how those could be exploited. I remember only a few years ago, there was a cyberattack on a bunch of printers causing them to print messages of popular memes at the time (https://thehackernews.com/2018/11/pewdiepie-printer-hack.html). Whether there’s anything we can do regarding this depends on the specific thing being attacked I suppose, but it almost feels like a bubble about to burst with how much older technology we use (dog collars, TVs, older cars, etc).

  7. It was a fascinating read. It’s difficult to believe a man could break a garage lock in seconds with a child’s toy. I like that you mentioned passwords because it seems like it’s been a long time since we went through how to choose a secure password. Thank you for jogging my memory. Because the lock’s security has not been updated to the latest methods since it was created in the 1990s, hackers will have several options for breaking it. Thanks to Kamkar for educating the garage owners on how easy it is to break their code and what they need do to avoid it .

  8. Hi,
    This is something I never expected of! It is really scary how someone could just hack into my garage door and have acess in to my house. Its crazy how anything these days could be hacked and my turst against techonologies these days are going down. Incident like this reminds me to change my password every few months.

  9. That was an amazing post to read! I can’t believe and never expected that this kind of a toy can open alot of garages. one couldn’t imagine how many ways are there that others can use to invade somone’s else personal life. I believe that talking about these incidents merely highlight the fact that we can no longer totally guarantee the protection of our personal life anymore nowadays. Thanks for this information, I never knew that before.

  10. Good post. I don’t know if it is cool or scary how someone can use a kid’s toy to break into a garage. This shows why we should stay up to date with all these new technologies. Older technologies surely cannot protect us from modern cyber attacks. I don’t think ‘privacy’ even exists anymore with all the different forms of cyber attacks rising.

  11. Amazing post! I never thought that a kid’s toy can open a door and I don’t know if I should be surprised or scared because if it’s that easy to get into someone’s house then nobody is safe and we need to come up with more secure appliance to keep up safe and we need to follow more precautions to be safe and not allow anybody to misuse technology and break into other people’s home and breaching their privacy

  12. Nice post! The fact that a children’s toy from the early 2000’s can be used to break into a garage and potentially even a house if the garage is attached is both extremely intriguing and concerning at the same time. Looking into the adaptability of various household items to be used in malicious ways is an interesting way to develop new methods of attack but it seems to be working. It is unfortunate that there is no way to protect from this vulnerability other than changing your garage security system but hopefully homeowner become aware of this security risk before it causes any problems.

  13. This blog post is really insightful. I still can not believe how a 12 dollar toy can be used to hack your garage door. Someone with the right type of knowledge and a cheap device can get into your house is actually very concerning. The right to privacy no longer can exist if people start exploiting knowledge to do illegal activities. People can have expensive and sensitive things in their household and if someone with a 12 dollar toy can get into the house and steal information worth hundreds of thousands, where would an average person go to for help. For someone with a limited income, it is not possible to adapt to secured expensive technologies just to secure their house, they have other expenses to deal with. I think this type of research should be more widespread and advertised, so that everyone can know the danger they might get into.

  14. Very interesting post! Never thought a kids toy would be helping thieves break into peoples homes. It is wild to think that such a simple hacking solution exists to a garage code that I assume many would think is secure. I am interested in learning more if there is a different way in which someone with a fixed code garage would be able to upgrade their security without purchasing a whole new garage door opening unit. Your post has me wary of all the things that I have a password on such as garage doors, the number pad locks on doors and so on. Once again, great post and really interesting to learn about how innovative hackers are getting.

  15. Interesting post. It’s pretty crazy that someone was able to use a kid’s toy to make a device that can open almost any garage. What’s scary is that if this falls into someone’s hands that have malicious intent, they can easily use this device to break into someone’s house. My family never locks the garage door, so if someone were able to open the garage, they can just get into the house right away pretty much. Luckily I have a newer house with a newer garage door opener.

  16. The title really piqued my interest, and it was just as intriguing and educational as I had hoped it would be. I really appreciate the breakdown you made of the inner-workings of the hack as it put into perspective the ingenuity that some people have at times. The potential is fascinating, but also a tad bit frightening when you think about it. Thankfully, Samy Kamkar doesn’t seem to have any ulterior motives in engineering this hack. Otherwise, he wouldn’t have let us in on how it worked. Good post!

  17. Great and accurate title, its cool to see what old technology such as this kids toy can accomplish and also scary. But on the other hand it also highlights the importance of constantly keeping up with new technology so we aren’t exposed to risks or weaknesses that they could have. It also shows the importance of having more complex passwords or locks so that they are not so easily cracked.

  18. Woah that is super interesting and kind of funny how using a toy could let you break into someone’s garage, if not house. I especially think that the De Bruijn sequence is very is a very interesting way to maximize the efficiency of the brute force. It really highlights the security flaws with these old garage code doors. great and informative post!

  19. Garage doors are a highly ignored point of failure when it comes to home security. I feel like most people just forget about them or aren’t technologically educated enough to know how vulnerable many of them are. It’s quite funny but also sad how easy it is to brute force them that they can be “hacked” even with a 12 dollar toy with rudimentary wireless technology. An enjoyable read overall.

  20. That was an interesting read. Just goes to show how the most innocent of devices can still be programmed to perform malicious tasks. Fortunately, the exploit is in the hands of a security researcher so that this vulnerability can be patched. I also found it very creative the way they turned the toy into a garage door remote. The more “smart” home technology is being made, we can only hope that they take its cybersecurity seriously. Though there already have been multiple cases of smart hubs and doorbells being hacked.

  21. Really fascinating post! This really makes me all about the amount of outdated technology we still use. There is an absurd amount of old, legacy technology that is full of security flaws. The sad thing is that even when these flaws are revealed many don’t really bother to fix them. It’s understandable however since I wouldn’t personally get a new garage door because someone can open it with a 12 dollar toy unless I hid something really valuable in my garage.

  22. It comes to show how we create exponential leaps during the development of both technology and alongside security. Old hardware such as vintage garage openers are a prime example of the difference between then and now in terms of encryption technology. It highly reminds me of old wifi security protocols WEP vs to this day WPA3. It is quite a marvel feat that someone such as Samy was able to identify how a mere toy was used in a “malicious” method.

    Thanks for the post!

  23. Good Post! This post reminds me of another blog post I recently read, where car thieves were hijacking and utilizing radio signals sent from key fobs to smart cars in order to rob them. It is good that the person who came up with this exploit is a security researcher and not a potential thief simply using this technology to steal from the homes of others. This researcher clearly has a good knowledge of binary calculations and garage door security mechanisms, So it stands that he is a smart and/or talented individual. It is good that he is using his smarts in order to spread awareness and potentially patch any holes regarding this vulnerability before someone else would misuse their smarts in order to exploit and profit from this security issue.

  24. This was a very fun read. The fact that some guy with a little bit of time on his hands could make a device capable of breaking home security so effectively. I wonder how many devices (not just garages) are still vulnerable to this today. I doubt that this device will be widely used, but regardless, it should probably be addressed by those vulnerable to it.

  25. This is a fascinating post! Never imagined a child’s toy would aid robbers in breaking into people’s houses. It’s incredible that such an easy hacking technique exists for a garage code that I’m sure many people believe is safe. I’m curious whether there is any method for someone with a set code garage to update their security without purchasing a completely new garage door opening equipment.

  26. A really interesting, and kind of hilarious post. The idea of some hacker in a balaclava and dark clothes hiding in a car at night and fiddling with a small pink child’s toy is just too funny!

    This also begs the question, is it just that one specific toy that blows this vulnerability wide open, or are there other toys that have this same functionality that can be used to exploit people’s garage doors as well.

  27. Very interesting post! This really stands out from all those other posts talking about some major hack going on, but it is also really funny. Who would have thought that a $12 children’s toy could be used to essentially break into someone’s house. I guess if it can send any sort of data, then it is a force to be reckoned with… even if its a tiny pink toy. I’m happy to say that my house was built after 1995 so I likely won’t have to worry about some kid next door opening my garage. Nice post!

  28. Thanks for sharing the post. It is quite interesting to pay more attention to our garage door! I must say when there is a system, there is a way to hack in. Also, according to the suggestion at the conclusion, I suppose the new system is more effective and secured than the fixed code system, which is a relief. However, I knew that many house built in 1995 and before, are still being used without any updates to the garage door. This is an alarming for those owners to pay more attention to the back door along with upgrading their property.

  29. Pingback: naza24
  30. Pingback: cat8888
  31. Pingback: โคมไฟ
  32. Pingback: ufa191
  33. Pingback: hit789
  34. Pingback: fenix168
  35. Pingback: fenix168
  36. Pingback: poker online
  37. Pingback: dultogel

Leave a comment