There’s a saying that “A lock only keeps an honest person out.” and that’s true in a very literal sense. A lot of our security systems are better at making us feel safe than actually being safe. In the age of sophisticated digital security, this hasn’t really changed, but unlike a broken padlock you may not even tell if someone has broken your digital security. A stolen password or code doesn’t leave an obvious trace.
Modern garage door openers are electronic and digital systems that are vulnerable to some types of attacks. As the object in our homes become smarter and internet-connected, the opportunities increase for people with crime or even just mischief on their minds to gain access to our homes.
Your garage door is often the most important entry point. Some of the most valuable things we possess are in the garage itself, and the door to the rest of the home is often not secured. So if someone can get the garage to open, they have the keys to the castle.
There are some things you can do to better protect yourself, but before I get there, let’s talk about how garage door opener security works.
Back in Time
Garage door openers were introduced during the mid-1920s in the United States. These early devices used a wired keypad that could be reached from your car. You needed physical access to the keypad to open these doors; there was no other way.
As a major convenience and with the march of technology, we eventually saw wireless radio-activated garage door openers. These became ever more popular, but after a while criminals, realised that all openers from a specific manufacturer actually used the same code. So if you bought a bunch of replacement remotes, one for each brand, you could simply try each one until the door opened for you.
So manufacturers worked around this by using a dip-switch system. You had eight to twelve little switches that each be placed in the up or down position. The switches on the opener had to match those on the remote. The total number of unique combinations ranged from 256 to 4,096, depending on the number of switches. While it was impractical for a criminal to sit outside your door trying every possible combination in the hope it would open, computer-based techniques were able accomplish the task in seconds.
Well-known computer security expert and good-guy hacker Samy Kamkar did just this by modifying a cheap Mattel toy.
Using this method, Samy’s modified device could open any fixed-code garage door opener in less than ten seconds. Scary stuff. The obvious and only thing you can do is to check if your garage opener uses fixed-code dip-switches. If you open the remote and see the switches there, then you had better upgrade or replace that opener ASAP, since any kid with an internet search engine and a $99 toy can open your door without breaking a sweat.
Openers made after 1993 probably don’t still use this system, but there are some newer models that do. Get rid of them fast.
These days, new garage door openers use a method known as “rolling” or “hopping” codes. This method has different brand names depending on the manufacturer, but they all basically work the same way. Both modern garage door openers and wireless car locking systems use this method.
It’s an Older Code Sir, but it Checks Out
Samy has also found a way around some rolling-code systems, by using something known as a “man-in-the-middle” attack. His device jams your remote’s unlocking attempt and copies the code. It’s lets your next try through, but now has one valid code that, according to the car or garage door unit, is still good.
Newer cars are already proof against this with rapidly expiring codes, but many older systems are vulnerable. The only way to know if your garage door opener uses the fast expiry method is to phone the manufacturer. It may be possible to upgrade it with new firmware. This technique hasn’t been released to the public yet, but people like Samy will soon do it to force manufacturers to issue solutions.
The next frontier for hacking probably will be the new generation of home automation, internet-enabled garage door openers. Doing away with the short-range remotes, these devices allow control via the internet over vast distances. In many ways they can increase your level of security.
Unfortunately, anything connected to a network can be hacked. The trick is to make it more difficult than it’s worth for a criminal. Make sure that you have a decent firewall on your internet connection, usually in the router itself. Unfortunately, much of this security will rely on how good your manufacturer’s systems are. Even large companies have their servers hacked from time to time.
Should you worry? The chances that you’ll be targeted as a whole are of course quite small, but if you’re sensible and don’t have a lax attitude toward security, you can make it even more unlikely. Make sure your systems use the latest security methods. Use extra security measures, such as having a separate lock on the connecting door between the garage and house itself.
The risk shouldn’t be panic-inducing, but it’s not zero, so we should all act accordingly.