Are smart garage door openers safe? Can they be hacked and how easily?


Smart Garage Door Openers Cyber Security Eye

Homeowners these days are accustomed to having an attached garage, and the garage door is how many of us come and go from our house. It’s a great convenience, but is it also weak point for thieves to gain access to our house?

Researchers have proven that garage doors, traditional or smart, can be hacked. Traditional garage doors with rolling codes can be hacked by jamming a receiver and recording a transmitted signal. Smart garage door openers can be hacked the same way or through their internet connection.

If that sounds technical, that’s because it is. Hacking a garage door requires using specialized equipment, and it a lot more work than the brute force method of breaking open a door. Read on to learn more about how these hacks work and how you can protect yourself.

Related Content: 5 Best Smart Garage Door Openers For Two Or More Garage Doors

How Does Garage Door Opener Security Work?

To fully answer this question, we need to look at the three types of openers that garage doors opener have used and still use.

There are three types:

  • Fixed Code
  • Rolling Code
  • Smart (Internet Based)

Fixed Code Garage Door Opener Security

I’m hoping that this section is just a walk-through history for you, and not what you currently have.

What is a fixed code garage door opener?

Garage door openers in the 20th century (prior to 1995 to be exact) used fixed codes to open garage doors. This type of security was phased out once manufacturers realized that it wasn’t very secure.

Fixed code garage openers were only sold prior to 1997 and had dip switches in the remote that would need to be set to match a code on the garage opener. The same code is used every time to open or close the garage door.

These codes were very short in length; between 8 to 12 bits. Other than matching the bit sequence, there was really no other security.

These openers allowed for 4,096 different codes at most. The idea was to avoid interference you’re your neighbors garage doors. As long as they used different codes, no problem! You would avoid opening their garage and your garage at the same time. There were enough codes that this usually worked.

These systems were not designed to be secure. Manufacturers did not have security in mind. The number of codes was small enough that anybody with a remote-control transmitter on the right frequency could just start flipping the DIP switches and work their way through all the possible codes until they found one the one that worked. More sophisticated intruders could use a software defined radio that automatically transmitted every possible code in under a minute. Way under a minute!

Fixed Code Garage Door Openers have no security! With modern technology, these types of doors can be hacked in less 10 seconds.

Fortunately, this technology hasn’t been sold for over two decades and is getting old enough that most units are breaking down and requiring replacing.

All you would have to do is determine which frequency the garage door opener used, and brute force all the possible sequences with your own transmitter. These garage door openers didn’t have a lock out feature after a certain number of failed attempts.

Rolling Code Garage Door Opener Security

Fortunately, security has come a long way in recent since then. After fixed code garage door openers came rolling code garage door openers, which are still in use today. Rolling code garage door openers can be hacked, but it takes a bit more work.

Every time you press the open/close button on your remote, a unique code is sent which can never be used again. That means if someone has the technology to record the code you sent, they won’t be able to reuse it. This is called a replay attack.

Now you may be thinking what if I pressed the button and I wasn’t within range of my garage door opener. You press the button a second or third time, and the garage will still open. Well, remember how you had to pair the opener with your remote?

Since the two are synced, the garage opener and the remote both have a counter in them. If the remote is ahead of the opener (by a reasonable distance), then the code will still work.

If the remote is behind the opener, then the code will not work. This is why the replay attack will not work.

How do I know if my garage door opener has a rolling code or is fixed code?

Your garage door opener uses a rolling code if it was manufactured by Chamberlain ((including LiftMaster and Craftsman) or Overhead Door (including Genie) after 1997. Chamberlain uses Security+ and Overhead Door uses Intellicode or CodeDodger branding to indicate rolling code technology.

Most garage door openers are manufactured by one of those two companies, therefore most garage door openers made after 1997 have rolling code technology.

Here is a timeline, curtesy of Wikipedia:

The following standards are used by units manufactured by Chamberlain (including LiftMaster and Craftsman):

DatesSystem
1984–19938-12 DIP switch on 300-400 MHz
1993–1997Billion Code on 390 MHz
1997–2005Security+ (rolling code) on 390 MHz
2005–presentSecurity+ (rolling code) on 315 MHz
2011–presentSecurity+ 2.0 (rolling code) on 310, 315, and 390 MHz

Recent Chamberlain garage door openers that have Security+ 2.0 features also use a special serial protocol on wired connections rather than a simple switch closure.

The following standards are used by units manufactured by Overhead Door Corporation and its subsidiary The Genie Company:

DatesSystem
1985–19959–12 DIP switch on 360, 380, or 390 MHz[6][7]
1995–2005Intellicode/CodeDodger (rolling code) on 390 MHz
2005–presentIntellicode/CodeDodger (rolling code) on 315 MHz
2011–presentIntellicode 2/CodeDodger 2 (rolling code) on 315 and 390 MHz

It is possible to purchase a universal receiver and transmitter retrofit kit to will turn your fixed code opener into a rolling code system. However, fixed code garage door openers are getting really old, well over 20 years old by now. It is probably better to invest in a new garage door opener instead of trying to upgrade an outdated system.

How to Hack a Rolling Code Garage Door Opener

Now the trick to hacking a rolling code garage door opener is a little complicated. It requires having the tools to jam the garage door opener receiver and the tools to record the code coming from the remote opener.

Have you ever pressed the button on your opener and it didn’t work, so you pressed the button a second time? This is a common occurrence just because there is a lot of interference with the type of transmission frequency that is used.

This hack relies on you pressing the remote button twice.

It’s common, so most people don’t even think twice about it. (Pardon the pun.)

Can rolling codes be hacked? Yes!

The way the rolling code hack works is that the hacker will jam the signal, and record what is transmitted both the first and second time. The hacker will then transmit the first recording so that the garage door will open/close.

This allows the hacker to save the second code for when they need it. Remember that if he would have sent the second code, then the first code he recorded would no longer work.

If you are more technically inclined and would like to know all the details, I’d suggest watching this video of Samy Kamkar, the guy who came up with the attack.

The video talks about rolling codes for cars, but the same tactics can be used for garage door openers.

How to Secure a Rolling Code Garage Door Opener

There is not much the end consumer can do to secure a rolling code garage opener from being hacked using the roll-jam attack. It requires design effort from the manufacturers. Here are ways that manufacturers can help prevent their doors from being hacked

Use Time-Based Algorithms

The remote opener sends a code that is determined based on the value of an internal counter. It has no concept of time, and does not change overtime. The code only changes from one click to the next.

If a time-based algorithm was used, the roll jam attack wouldn’t work, as the code would expire before the hacker had a chance to use it.

The downside to this approach is that the consumer would have to sync the remote with the garage opener periodically, which a lot of people would find as a hassle. Most people aren’t that concerned with security, nor do they understand it well enough to know that it is worth the hassle.

Use Transceivers

Currently, the remote control only sends a code to the opener. It’s a one-way communication.

If communication was two-way, where the garage opener sent a message to the remote control, and the remote control had to respond back, there could be more security measures used.

Smart Garage Door Opener Security

Related Content: What Is a Smart Garage Door Opener? Never Worry About This Door Again

Smart garage door openers are not immune to the same hack as the rolling code hack, since many openers will still have a remote, in addition to the app, to open and close the garage door.

There is one more obstacle to overcome though, and that is the physical sensor on the door that detects if it is open or closed.

This is easy to overcome those, as the attacker can just reposition the sensor to the proper position.

Researches at McAfee were able to hack a Chamberlain myQ garage door opener using this method. You can read more on the McAfee website here.

I’m not trying to attack Chamberlain myQ here, as they are actually one of the most secure smart garage door openers on the market. Rolling Codes is just a vulnerability that almost all garage doors have.

Aside from using the rolling code attack, smart garage doors openers open up another vulnerability by being connected to your local network, and then to the internet.

The manufacture really has to put an emphasis on security to protect these devices.

If someone is connected to your local network, some cheaper smart garage door openers may not encrypt the code that gets sent to the opener. This means that a hacker can just copy the command and send it whenever is convenient for him.

Smart Garage Opener apps will often use what is called a remote access API. This means you press a button the button on your phone, it gets sent to the cloud, and then sent to your garage door opener. If these messages are not properly encrypted, this leaves the door wide opener for hackers.

Let me circle back around to myQ. MyQ has done a great job at securing the internet side of their smart garage door openers. They are very secure, and require a good amount of effort to be hacked. Which brings us back to the original question.

Related Content: How Much Will Smart Garage Door Openers Cost You? Listed By Price

Are Smart Garage Door Openers Safe?

Short answer: Yes! If you buy the right brand.

Smart garage door openers from reputable manufacturers, such as Chamberlain, are just as safe as traditional garage door openers. Cheaper brands may not invest in IoT or application security, leaving security holes in their smart garage openers.

Technically speaking, anything connected to the internet can be hacked. It’s something we have all experienced. Smart garage door openers are no exception to the rule.

However, the likelihood of it being hacked if very small. In the event that your garage door opener is hacked through the internet, the hacker won’t know where you live, unless they have further access to your account.

If the hacker is able to open your garage door and figure out where you live, they will then need to be close enough to exploit the hack. What are the chances that they will be able to get to your house before you do, even if you are at work all day? The chances are slim.

Also, they don’t know what is in your garage. They don’t know if the door from the garage to your house is locked or unlocked, or if you have dogs. So, for someone to maliciously hack your garage door would be a lot of work with little reward.

How to Prevent Garage Door Break-ins?

We’ve established that any type of garage boor can be broken into, and it’s really not that hard as long as someone is willing to buy the equipment necessary. That equipment really isn’t that expensive either. Less than a couple hundred bucks.

Here are a few ideas that can help prevent breaks and also keep your house secure if someone does get your garage door open

Garage Door Controllers Security

9 Ways to Prevent Break-Ins Through Your Garage Door

Install an exterior security camera

Thieves don’t like being caught on camera. If you have a camera that is in a conspicuous spot facing your garage doors, it will deter most intruders from even attempting to break in.

Install an interior garage security camera

In the even that an exterior camera wasn’t enough to deter a burglar, have one inside your garage as well. This one can set to detect motion and notify you if any movement is detected outside of when you would normally expect movement in the garage

Lock your garage door

A burglar won’t know it until they’re already in your garage, but this will prevent the rest of your house from being burglarized.

Install an alarm system on the garage doors

If you don’t think cameras are sufficient, or you would like to double up on security and have the option of notifying police, then door and motion sensors in the garage are great.

Modern alarm systems can be turned off remotely, so this can be done without having too much of an impact on your normal routine.

Don’t leave garage door remotes in the car

Don’t leave them in plain sight either. It’s easier for a thieve to break a car window and then have easy access to your garage and possibly the rest of your house.

Two easy ways to fix this. Get a remote-control keychain or get a smart garage door opener. A smart garage door opener is probably the most convenient. Who doesn’t have their cell phone when they go out these days?

You can always install a keypad outside the garage door for those times when you forget your remote control or phone.

Keep your garage door closed

This is to help prevent “opportunity” crimes, where a person wasn’t planning on committing a crime. They just happened to be walking by, and saw an open door and couldn’t help them selves to taking a few things they saw.

All you have to do to prevent this is close your garage door.

Install a deadlock on the garage door

This is like a deadbolt for the garage door. It’s a lock that gets mounted on the moving part of the door, and has a bolt that slides into a hole in the roller track. Just like the moving door has a bolt that slides into the door frame.

This is great for when you are on vacation or don’t plan on using the garage door for an extended period of time.

Install motion-sensitive lights

Another thing that most burglars don’t like is light. A light turning on can be enough to spook them and prevent the crime from happening. A light can also help your cameras get a good picture or video of them caught in the act.

Block Garage Windows

Windows are easy points to gain access. Try to find a way to secure them or block them so that they can’t be used to enter the garage.

Related Content: Is It Safe to Use IFTTT? Security Concerns When Using IFTTT

Recent Posts