You have to read this one, don’t you? The title is just too catchy to let go.

If you read my recent post on “Ignorance Without Bliss”, you know I was helping out one of my SMB friends, the owner of ‘This Office’ in the story. In my follow up, I told you about the vandalization of the business. And I told you that story so I could tell you this one.

I was at my office the day they found the business had been vandalized. After staying late to work out the password issues and finish up with their PC, I actually had to head straight over to our local ISSA meeting. It was our annual wrap-up and board elections, so it lasted a bit longer. After the meeting, I went along my merry way to This Office to deliver their clean and accessible PC. Finally, I made it home just before midnight.

At 11:48 pm I pulled up to my house. With all the neighbors already asleep, it was dark and lonely at the end of our cul-de-sac. As I got to the middle of the circle I stopped- my garage door was wide open. The position of the house and the garage made it’s gaping hole obvious from all parts of our street, and the next one up. It was also garbage day, leaf pickup day and recylcing day, so I have no clue how many strangers passed by. Nor did I have a clue how long it had been exposed like that- possibly since I left for work at 8:00am - potentially 16 hours of a poor defenselss house. Which may not have been an issue, had it not been my habit to leave the door from the garage to the house unlocked - all the time.

You have to read this one, don’t you? The title is just too catchy to let go.

If you read my recent post on “Ignorance Without Bliss”, you know I was helping out one of my SMB friends, the owner of ‘This Office’ in the story. In my follow up, I told you about the vandalization of the business. And I told you that story so I could tell you this one.

I was at my office the day they found the business had been vandalized. After staying late to work out the password issues and finish up with their PC, I actually had to head straight over to our local ISSA meeting. It was our annual wrap-up and board elections, so it lasted a bit longer. After the meeting, I went along my merry way to This Office to deliver their clean and accessible PC. Finally, I made it home just before midnight.

At 11:48 pm I pulled up to my house. With all the neighbors already asleep, it was dark and lonely at the end of our cul-de-sac. As I got to the middle of the circle I stopped- my garage door was wide open. The position of the house and the garage made it’s gaping hole obvious from all parts of our street, and the next one up. It was also garbage day, leaf pickup day and recylcing day, so I have no clue how many strangers passed by. Nor did I have a clue how long it had been exposed like that- possibly since I left for work at 8:00am – potentially 16 hours of a poor defenselss house. Which may not have been an issue, had it not been my habit to leave the door from the garage to the house unlocked – all the time.

It was freezing outside, so I sat in my warm car while I thought about my options. I called a couple of local friends, but got no answer. My normal instinct would be to go on inside, check it out and move on with life. But with the recent ‘issues’ at This Office, including the breaking, entering and vandalizing the day before, I did some re-thinking and called the non-emergency number for the local police department. I explained I felt pretty sure someone’s opener happened upon my code but… better safe than sorry.

Everything was fine. Three uniformed officers came. They came, they searched, they conquered the empty house and then let me inside.

So it got me thinking. What are the chances of a modern rolling-code garage remote ‘stumbling’ upon another code?  Old garage door openers were just remote transmitters, like those used in bomb detinators. Then I guess we moved to coded sets, programmed with dip switches on the transmitter and receiver. (I used to use one of my Dad’s old red plastic dip sticks to put my hair up in a bun) :)

But now…. NOW we have rolling code systems that should make it practically impossible (so they say) to open the wrong garage door with a stray remote. There are about 9 houses which could be in ‘clicking distance’, including 3 angled from other streets.

So, is my garage door opener a dumb bomb detinator? Do I need to dig up that dip stick again? Is it likely someone was trying to ‘hack’ my garage door? Or, are the probabilities of a duplicated code-hopping remote being within range of my house the most likely answer to today’s riddle?

Who knows. But, my lesson was learned. Now I religiously lock the door inside the garage… just in case.

# # #

jj

Author, speaker, and recognized authority on network and wireless security architectures, Jennifer (JJ) Minella helps organizations solve technical problems and align teams.

View all posts

13 comments

  • Okay folks, I have a problem. A previous tenant who is being sued has a close friend who lives down the street from my property. Recently, my new tenant came home to a flood: someone had entered her closed garage and turned on the hot water bypass valve (it is well above her head). My suspicion is that the friend of the old tenant has bought a universal remote and “learned” the code off garage door so he can go in and mess with things. I bought her a security system but does anyone know how to add a “locking” feature to the remote so it is secure when she goes to work?

  • I’m not that much of a online reader to be honest but your sites really nice, keep it up!
    I’ll go ahead and bookmark your website to come back down the road.

    Cheers

  • My garage door started opening by itself. This always happened about 5 minutes after I closed it. The problem was a sticky push-button inside the garage. With the switch always closed the door would operate normally from the remote but open a few minutes later.
    The solution was a spray of silicon lube on the edges of the large button where it was hanging up.

    This experience led to researching the security if door openers and the installation of an AC appliance remote control. Now when I close the door I also turn off the power to the motor. Now the hacker needs to defeat two devices.

  • OK folks, first things first. Your garage door probably just didn’t shut before you left that morning. A leave blows past the obstruction sensor as you drive off is the usual scenario, although cats and dogs can do it too.

    That said – your house is not secure. It never will be. Let’s say you manage to get rid of the remote opener altogether. (It’s a very easy thing to buy a universal remote and press the ‘learn’ button as you are coming home in the evening.)

    In Missouri I remember panel trucks backing all the way up to the garage door then using cordless saws and cutting a door, essentially moving out entire homes.

    Are all your windows barred?

    Do you have glass break sensors on the windows, motion detectors and live IP web cameras monitoring your castle?

    How far do you want to go to feel secure? I’d suggest that at a minimum, you WATCH THE DOOR CLOSE before you drive off.

    Regarding the other stuff, consider self defense courses. You are the most valuable thing you possess. Defend what’s important, everything else is ephemeral.

  • To all the people who have remote opener, Their are about 28 names of openers world wide that I can open just sitting in my car for 60 seconds . Some of our three lettered have agency’s have the same software. So you must under stand anything made by man (sorry’ or woman ) can be undone by another

  • I have a strange situation of being a programmer / garage door guy. So here’s the deal:

    @perth Rolling code technology does change it’s code each time you operate the transmitter, hence the name…”rolling code”.

    @James You can purchase universal remotes from your local hardware store. They’ll work on practically any opener, though a few Overhead Door openers won’t work.

    @bptr Why would you buy an opener to use it from only inside? At that point you should just erase the receiver’s memory and throw away the remotes, as it would be safer and offer the same amount of convenience. If you’re using the emergency release every time you shut your door, then someone can simply walk up and raise your door manually and laugh at your ignorance of using the “vacation lock” (that’s what the manufacturers call it, and that’s what it’s intention is).

    And lastly, I agree that rolling code is hackable, I’ve not seen anything that works that is practical, it would be easier to just run in a program a remote really fast while the door is up and unattended than the ways I’ve seen to duplicate the signal.

    The newest lines of openers are actually operating on 3 different frequencies, while older openers are operating on 1 frequency, though that frequency varies depending on manufacturer and time period.

  • Rolling code systems should automatically change the code each time you operate your garage door. This means that there’s a billion of possible combinations, making it impossible to crack it. It would require a very sophisticated equipment.

  • 1st of all if someone were waiting they would have closed the garage door after gaining access. But lets look at your post. You leave the house at 8:00 and are a blonde woman who lives at the end of a a cul-de-sac with 3 adjoining streets and your trash day is Tuesday. Your are in your mid to late 30’s, live close to Baltimore Mariland, work in IT for b/a net ops, like Starbucks and won’t be home on your 9th pay period. This took less then a minute and I may be off but haven’t checked anything either. Rolling codes like anything else can be hacked.

  • Hello?? It is never safe to leave your garage door unlocked when gone. You should always flip the switch to disable remote entry. Also disable the emerency pull cord opener. Is it THAT hard to get out of your car and go inside your garage to manually push a button when you get home?

  • I live here in Lima, Peru. Garage doors which use rolling code systems for protection are common here as well as in the states. The problem is that there are people here who are using a scanner based on the IPERCODE system which allows them to grab the rolling code signal and break into your house. So there is actually nothing stoping them from entering into your house when ever they want to.

  • My friend, the new rolling codes which are suppose to give the public a sence of security are not as safe as you might think. I personally own a universal garage door opener which is designed to open garage doors which use rolling codes. If you are wondering just where I bought it I´ll tell you. I picked it up while I was on a trip to Canada. Thought you should know.

  • I have seen the model for this hack. I beleive it only works for gdo’s made before 2003 and "not" rolling codes, (Chamberlain and Genie, which each have a different recipe to achieve this rolling code idea should be okay, unless I am wrong). I have been in the business for years, and don’t belive they are hacking it yet (?).

  • That was definitley a story that I couldnt stop reading. Edge of your seat stuff and thought provoking too! :)