All it takes to hack and open some remotely-controlled garage doors is a slightly modified pink texting toy&#x2014;and less than ten seconds.

That's according to Samy Kamkar, a well-known hacker, who [claims to have found a way](http://samy.pl/opensesame/) to open all remotely-controlled garage doors from certain manufacturers with a modified and outdated wireless texting toy marketed specifically at girls that can be bought on Amazon or eBay for less than $50.

The toy, a [Mattel Radica Girltech IM-ME](http://service.mattel.com/instruction_sheets/L7281%20Manual%20final.pdf), comes with a radio frequency (RF) chip, an LCD display, backlight and keyboard&#x2014;"all the equipment we need to pull off the attack," Kamkar wrote in a [detailed post](http://samy.pl/opensesame/) about his new research.

"We could have built our own device," Kamkar wrote, "but the beauty of this is that it's all already packaged up for you, inexpensive, and is my favorite color."

"A two-character password on a website is more secure than most garages."

With some modifications, the toy can be programmed to transmit all possible combinations to unlock popular garage doors made by manufacturers like [Nortek](http://www.nortekcontrol.com/product_detail.php?productId=949) and [North Side](http://www.northshorecommercialdoor.com/pu99gaandgad1.html), which have fixed pin codes, according to Kamkar. These garage doors are trivial to crack because some of their door opener devices only accept 12 bits combinations, which means there are only 4096 possible combinations.

"A two-character password on a website is more secure than most garages," Kamkar said in [a video](https://www.youtube.com/watch?v=iSSRaIU9_Vc) explaining the hack.

OpenSesame is a device that can wirelessly open virtually any fixed-code garage door in seconds, exploiting a new attack I've discovered in many wireless garages and gates. Using a child's toy from Mattel. http://samy.pl/opensesame

By Samy Kamkar

Can exploit *some* garages from: Liftmaster, Chamberlain, Stanley, Nortek, Linear, Multi-code, NSCD/North Shore commercial Door, Delta-3, Moore-O-Matic

Are you vulnerable? More details and writeup at http://samy.pl/opensesame

Subscribe to my channel for more Applied Hacking videos: https://www.youtube.com/subscription_center?add_user=s4myk
Follow me on Twitter: https://twitter.com/samykamkar
Join my mailing list: http://samy.pl/list/

OpenSesame - hacking garages in seconds using a Mattel toy

To rig the toy, Kamkar used a device made by another security researcher, which allowed him to reprogram the Radica Girltech IM-ME.

The result is a rigged toy that takes less than ten seconds to unlock a garage door, as you can see in the video.

Kamkar called this attack OpenSesame and he even [released](https://github.com/samyk/opensesame) the code that he wrote for it on GitHub. The code, however, is slightly modified so that it can't be reproduced and abused by criminals.

"It almost works, but just not quite, and is released to educate," Kamkar wrote. "If you are an expert in RF and microcontrollers, you could fix it, but then you wouldn't need my help in the first place, would you."

The good news is that newer garage door receivers use rolling codes and are not vulnerable to the OpenSesame attack, according to Kamkar, who also released [another video](https://www.youtube.com/watch?v=xcUpg-qAJ74) explaining how to figure out if your garage door is vulnerable and what to do to protect against attacks like this.

The bad news is that for many garage doors, all it takes is a seemingly innocent pink toy.

FYI.

This story is over 5 years old.

This Kids' Toy Can Hack Garage Doors in Seconds

FYI.

This story is over 5 years old.

This Kids' Toy Can Hack Garage Doors in Seconds

ONE EMAIL. ONE STORY. EVERY WEEK. SIGN UP FOR THE VICE NEWSLETTER.