Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

It Only Takes 8 Seconds for a Hacker to Open Your Garage Door


b2ap3_thumbnail_garage_hackers_400.jpgHackers have proven to be a crafty and suspicious lot, and can take advantage of even the most benign technology to infiltrate networks. However, we don’t often associate them with objects in the physical world. Now, even something as simple as a decade-old communications device can be used to open the right garage doors.

The device in question was built from a discontinued toy from 2007 called the IM ME. Manufactured by Mattel, it’s a device that was advertised as a secure wireless instant messaging system, sort of like an archaic mobile phone that allows for texting. It stores an address book of other users of the IM ME system, and allows for communications between devices so long as the device had an Internet connection. Looking at it now, you wouldn’t be surprised to hear that it’s no longer supported or even remotely useful these days, especially since smartphones are so much more dynamic and effective for communication.

Last year, it was discovered that this toy could be altered to hack into any garage door that’s equipped with an insecure fixed code transmitted from a remote, rather than one that uses a “rolling code” that’s constantly changing with every button press. The flaw was discovered and exploited by Samy Kamkar, who works as an independant developer and technology consultant. He reportedly built the device out of the IM ME, adding only an antennae and a simple open-source hardware attachment.

Kamkar explains that his device, which he dubs the OpenSesame, works in a different fashion from what are known as “code grabbers.” Ordinarily, code grabbers are devices that capture the code from the garage door button when it’s pressed, and can then reuse the code at a later time. This requires the presence of the hacker when the button is pressed. OpenSesame can accomplish this without being anywhere near the user, which makes it significantly more versatile and dangerous.

The most dangerous part of this hacking experiment is the fact that any hacker can walk up to a vulnerable garage door and have it open in around eight seconds. As reported by WIRED:

Using a straightforward cracking technique, it still would have taken Kamkar’s program 29 minutes to try every possible code. But Kamkar improved his attack by taking out wait periods between code guesses, removing redundant transmissions, and finally using a clever optimization that transmitted overlapped codes, what’s known as a De Bruijn sequence. With all those tweaks, he was able to reduce the attack time from 1,771 seconds to a mere eight seconds.

If you want to know how OpenSesame works, you can watch this video. If you’re unsure of whether or not your garage door is vulnerable to this particular issue, you can watch this video released by Kamkar:

This just goes to show how dangerous and unpredictable some of the things on the Internet of Things can be. With so many devices capable of communicating with each other through near-field and Bluetooth communications, in a worst-case scenario, it becomes a liability that can quickly spiral out of control. Concepts like these should make your business question if it’s prepared to handle the dangers that are approaching in the form of unregulated Internet of Things devices. Considering how much your business stands to lose, you shouldn’t be putting your organization at this kind of risk.

We can give your business’s network a quality assessment to ensure that it’s not vulnerable to other Internet of Things devices and emerging technologies. To learn more, give us a call at 866-348-2602.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 02 April 2025
If you'd like to register, please fill in the username, password and name fields.

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Efficiency Software Network Security Business Google Microsoft Internet Email Malware Workplace Tips Backup Innovation User Tips Data Computer Mobile Devices Hardware IT Services Android VoIP Disaster Recovery communications Smartphones Communication Business Continuity IT Support Miscellaneous Smartphone Mobile Device Browser Small Business Network Collaboration Productivity Quick Tips Cybersecurity Business Management Users Windows Upgrade Phishing Managed IT Services Data Backup Outsourced IT Ransomware Windows 10 Server Save Money Data Recovery Cloud Computing Office Windows 10 Passwords Chrome Virtualization Gadgets Social Media Saving Money Holiday Tech Term Microsoft Office Managed IT Services Automation Managed Service Operating System Facebook Computers Artificial Intelligence Cybercrime Networking IT Support Hacking Internet of Things Wi-Fi BYOD Mobile Device Management Health Remote Managed Service Provider Spam Office 365 Telephone Systems Covid-19 Alert Information Technology Information Router Social Engineering Mobility BDR Recovery Employer-Employee Relationship Bandwidth Encryption Applications Remote Monitoring Big Data Law Enforcement App History Mobile Computing Password Application Money Human Resources Data Breach Remote Computing Mobile Office Government How To Private Cloud Office Tips Blockchain Paperless Office Training Managed IT Data Storage Patch Management VPN Apps Servers Mouse Google Drive HaaS Data Security Avoiding Downtime Flexibility Wireless Marketing WiFi Gmail Bring Your Own Device IT solutions Entertainment Data Management Vulnerability Website Work/Life Balance Settings Budget Windows 7 Infrastructure Word Voice over Internet Protocol Two-factor Authentication Education Apple Physical Security Vendor Management Safety Social Sports HIPAA Redundancy Data Protection User Error Keyboard Meetings Vendor Risk Management Managed Services Hacker Display Save Time Staff The Internet of Things Software as a Service Telephone System Lithium-ion battery Employee/Employer Relationship Machine Learning Connectivity Remote Work RMM Conferencing Cleaning Scam USB Firewall End of Support Virtual Reality Humor Fraud Internet Exlporer Remote Worker Network Congestion Unsupported Software eWaste Procurement Net Neutrality Charger Cryptocurrency PDF Workplace Strategy Help Desk Compliance Proactive IT Printing OneNote Computer Care Comparison Current Events Wearable Technology Telephony Best Practice Retail CES YouTube Hard Drives Samsung Black Market Instant Messaging Managed Services Provider Excel Robot Content Management Database Value Virus Business Technology Access Control Biometrics Spam Blocking Electronic Medical Records Document Management Unified Threat Management Virtual Desktop Remote Workers Wireless Technology Computer Accessories Virtual Assistant Solid State Drive How to Authentication Downtime Processor Hiring/Firing DDoS SharePoint Data storage Hard Drive Automobile Update Printer Bluetooth Computing Computing Infrastructure Customer Service Going Green Environment Google Docs Business Intelligence Identity Theft Audit Worker Fax Server IT Management Battery IT Consultant Botnet Shadow IT Digital Signage SaaS Augmented Reality Legal IT Plan Workers Benefits Search Engine Twitter Procedure Saving Time Maintenance Business Mangement Shopping FENG Google Search Politics IaaS NIST Advertising dark theme Smart Tech AI Bloatware Trending IT Infrastructure IBM Bing Smart Technology Addiction FinTech Amazon Flash Notifications Recycling Social Network Tablets Consultant Wiring Practices Entrepreneur Software Tips Investment Supercomputer Analytics Emails Cache Relocation Employees Amazon Web Services Sync Employee/Employer Relationships Shortcut Criminal ISP Best Available Safe Mode Windows 365 GDPR Video Games Hosted Computing Video Conferencing Cost Management ROI WIndows 7 Netflix Shortcuts Two Factor Authentication Worker Commute Wireless Internet Sales Social Networking Online Shopping Bitcoin Personal Root Cause Analysis Cryptomining Experience File Sharing Point of Sale Music Camera Scalability Inventory Supply Chain Management Specifications HBO Knowledge Business Owner Running Cable Wire Monitoring Evernote Skype Batteries NarrowBand Digitize Memory Travel Data loss Windows 8.1 PowerPoint Troubleshooting Printers Search Windows Media Player Millennials Outlook Windows Server 2008 R2 User Leadership Smart Office iPhone Customer relationships Wireless Charging Start Menu IT Assessment Screen Mirroring Manufacturing Loyalty Email Best Practices Books Virtual Private Network Workforce Frequently Asked Questions Managing Stress Science Windows 10s Security Cameras Files Computer Tips Cables Mobile Managed IT Service Virtual CIO Chromecast OneDrive Cast Biometric Security Cameras Emergency Project Management Nanotechnology Peripheral Telecommuting Tip of the week webinar Uninterrupted Power Supply Using Data Public Cloud Employer Employee Relationship Distributed Denial of Service Colocation Digital Security Cameras Customer Relationship Management Cortana Professional Services Digital Signature Copiers Analyitcs 5G Assessment Warranty Monitor Quick Tip Programming Windows Server 2008 Smartwatch HVAC Ergonomics Google Apps Tools Analysis Development OLED Television Printer Server Administrator Antivirus Devices Reputation PCI DSS Streaming Media Virtual Machine Tech Support Fiber Optics Windows 8 Employee Content Enterprise Content Management 2FA Techology IT service Accountants Laptop Messaging Cabling Public Computer MSP Transportation Microchip Thought Leadership Customers Policy Credit Cards Regulations Hypervisor Trend Micro Tablet Computer Fan Rootkit Audiobook Password Management Dark mode Password Manager Domains Touchpad SMS Multi-Factor Security Default App

      Top Blog

      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      QR-Code