Garage Door Openers: A Rolling Code Protocol Case Study

Rolling code is a keyless access protocol used prominently for garage doors and vehicles entry. In this work, we examine the security of three garage door opener systems which are widely used in the north American markets. Such openers are electronically controlled by wireless remotes and mobile applications. We reverse engineer their rolling code protocol and demonstrate practical attacks that enable an adversary to open the garage door after wirelessly sniffing only one open/close signal produced by the remote control device owner. Our security analysis reveals that such attacks are due to vulnerabilities in the deployment of the rolling code protocol in two out of the three investigated brands. Responsible disclosure procedures have been followed prior to the dissemination of our results.