Using Cryptography to Build a Hack-Proof Garage Door Opener Remote

A typical garage door opener remote is laughably unsecure. While many modern garage door opener manufacturers attempt to improve that security, virtually all of the older models are extremely susceptible to replay attacks. A replay attack is a very easy hack to pull off, because you simply need to record the signal that is sent when someone pushes the button on their remote and then play it back later when they’re not home. Pete Lewis was recently tasked with creating a new cryptographic product for SparkFun, and decided to build a hack-proof garage door opener remote as part of his research.

Lewis' original garage door opener remote had been broken for years, but he had been hesitant to replace it with a DIY system that could potentially be susceptible to attack. When SparkFun assigned him the job of building a new cryptographic product, it gave him the perfect opportunity to research security and come up with a safe solution. He started by learning about the various cryptography chips that are on the market. He eventually settled on a Microchip ATECC508A chip that can use ECC (Elliptical Curve Cryptography) signatures. ECC is similar to RSA (Rivest-Shamir-Adleman) encryption, in that it relies on public and private keys, but the encryption is done with a more efficient algorithm that doesn’t require powerful hardware.

After selecting the ATECC508A chip, Lewis started experimenting with how to configure it. You only get one chance to configure chips like this — they’d be vulnerable otherwise — so he inadvertently bricked a few of them during his tests. Eventually, he was able to get the chips working with SparkFun Pro RF LoRa-enabled wireless boards that have SAMD21 microcontrollers via an I2C connection. One board acts as the remote, while the other acts as the receiver. Both have their own ATECC508A cryptography chips, and the wireless signals being sent between the Pro RF boards are completely encrypted. For all practical purposes, it’s impossible to crack that encryption or perform a replay attack. The only way for a hacker to gain access would be for them to get their hands on the actual remote. Hopefully SparkFun will make these cryptography chips available soon in a package that works with their other products so that we can all build secure remote devices.