An Even Simpler Smartphone Garage Door Opener

We have seen smartphone garage door openers in the past, but [Lou's] Hack is beautiful in its simplicity. His door opener tackles the problem without using computers, Arduinos, wireless modules or even any smartphone based applications. For this project all that is needed is a Bluetooth headset and a single transistor. The door opener uses the Samsung HM1100 Bluetooth headset, which [Lou] has done significant testing on to show that his creation is quite secure and will not open the door unexpectedly.

When this headset connects to a phone it produces a beep from the earbud, so [Lou] removed the speaker and replaced it with a transistor. Now he can use the voltage spike produced by the amplifier before the beep as his switching signal. By wiring the transistor in parallel with the door button inside his garage he is able to open the door wirelessly by connecting then right away disconnecting from the headset. This setup is apparently perfectly secure as the only way to initially link your phone with the headset is to be inside the garage. Check out the video after the break for build instructions and a demonstration.

Comments

  1. mrasmus says:

    I’d think that hacking it would be a pretty simple matter of sniffing the Bluetooth pairing as it happens, and looking at the BT Mac Address of the “trusted” phone, and spoofing it with your own device; my understanding is that the pairing profile on most Bluetooth audio devices is actually pretty simplistic/insecure, but I could be wrong.

    Another problem would be approaching this while on a call — with most phones, when you pair a Bluetooth headset, it will “hijack” the call, taking precedence over the built-in microphone/speaker until you disable in software again. Not a huge deal if you see it coming, more of a minor annoyance.

    Both of those things being said, it’s a nice, elegant solution. The security concerns are really unnecessary — if an attacker was sophisticated enough to do that kind of Bluetooth hackery, they’re probably plenty capable with a set of lock picks. Like any lock, it’s more of a deterrent than an absolute defense; it’s simply important to recognize the weaknesses in your system so you can be better suited to strengthen them if it’s found necessary.

  2. Pup says:

    It’s not that you can only pair with the device while inside the garage, you need to physically push a button on the device to put it into pairing mode.

    You could always bruteforce the phone’s BD_ADDR to spoof your way in, but anyone who wanted in that badly would probably just go with a crowbar. :P

  3. fartface says:

    And there is a major problem with the button in the car on the homelink console for opening the door?

    “I dont want to touch that button on my mirror, I want to dig out my phone and press about 12 buttons to open that door!”

    I understand a hack, but rube goldberg solutions are not useful for day to day.

    • dogmatic says:

      This is great for me as I have to use the remote after I leave my garage, because my garage doesn’t have a door into the house. I always forget to take the remote out of the car, so was looking for a way to open with my phone, which I never forget.

    • Sinvex says:

      It’s plenty helpful, especially for motorcycle riders who have an NFC phone.

      I can easily put an NFC tag in my glove or sleeve, and touch it to the pocket I keep my phone in to open the garage door instead of having to stop, dig something out of my pocket, and push a button.

  4. hospadar says:

    “Someone could sniff your bluetooth hardware adress, spoof it, then gain access to your garage!!! MWAHAHAHA”

    or they could like, punch out a window, steal your tv, and skip the garage altogether. Most home security measures are most easily bypassed by thieves and home invaders by simply ignoring them, punching out windows is just too darn easy.

    Take for example lockpicking – lockpicking commercial locks is frighteningly easy, you could learn to do it in maybe 5 minutes – but why bother? Lockpicks are hard to find, take effort to use, and generally add time to theft sentences, so why bother when a tire iron works just as well?

    On another note, I doubt commercial garage door openers are super to secret encrypted impossible to dupe, so this is probably better than the stock solution, and a cool simple hack to boot.

  5. tulcod says:

    @fartface

    some phones connect to coupled bluetooth headsets automatically, you know… plus, it’s a nice hack relieving our electronics-filled lives of yet another device.

  6. Bogdan says:

    Why is it that when someone posts a simple solution for something it either uses something expensive or has such an impractical way of building the solution….

  7. Colecago says:

    @hospadar
    A lot of openers use KEELOQ which I don’t think is trivial to hack.

  8. noisygecko says:

    “Why is it that when someone posts a simple solution for something it either uses something expensive or has such an impractical way of building the solution….”

    This isn’t necessarily that expensive. I have had at least two BT headsets where the audio went bad. It connects and does everything, but sounds like crap to talk on. Would be fine for this situation.

    Except lots of them don’t work when plugged into a charger (I think), so I guess you would have to replace the battery with a power source…

  9. mail junky says:

    Interesting. I would not use it with a garage door opener, but I could see some other applications where it could be applied. Successor to the clapper? In any case, this article seems like a thinly veiled advertisement for software. I’ll pass on it.

  10. xroader says:

    @fartface
    I like this solution – I ride my bycycle to work and don’t like to carry keys. So I leave a garage door open in the bottom of my my bike bag. Alternatively I could set my phone to auto-connect to the headset – when I get close it would open and when I get too far away it would beep again and close. I love it.

  11. o says:

    This is a clever hack. I wouldn’t be worried about it being hacked too much, just keep the power to the garage door turned off when you don’t expect to open it remotely.

  12. milo says:

    I use my garage as a shop, this is fantastic. I’ve been looking for a way to have a garage door opener on me at all times without having a garage door opener on me at all times.

    For all the haters, this is exactly what I’ve been looking for.

  13. barry99705 says:

    @fartface

    Not all of us can afford those fancy pants cars that have a built in opener.

  14. Mike says:

    “Why is it that when someone posts a simple solution for something it either uses something expensive or has such an impractical way of building the solution”

    If you look up the headset he’s talking about, it’s less than $15, plus the $1 transistor (Radio Shack price; sure it’s cheaper online).

    Plus, he even wrote an app (already in the Android Market) to do the connect/disconnect for you by pressing one button.

    This is a super-easy, super-cheap solution that doesn’t even modify your existing setup.

    Am I the only one who actually watched the video all the way through?

  15. uncle sam says:

    this is great for someone like me with an older car who has a big family and occasionally has to park outside the garage. (if i’m late coming home) leaving my garage door opener hanging on the sun visor is a big security risk in that situation.
    i say this is a excellent hack

  16. Rick says:

    Wow. That was a great video explaining everything. This could be very useful for people who need to retrofit an old garage opener for a remote.

    I wonder if you could get something that would open your door when your bluetooth device came into range (but not trigger when leaving range).

  17. Tim says:

    I think this is a fantastic idea and props for writing an app to simplify it even further. I often wish my solution was that simple while I’m at home.

  18. Fredrick says:

    Although I don’t know squat about electronic engineering, the idea seems very unique in that it personalizes the mobile phone as a door opener eliminating the need for a second transmitter to the door. I think it would go over with the masses. Keep going, and I hope you make a huge $$$$$$ from the idea.

  19. Xyroze says:

    @Fredrick

    It is a neat idea for a hack, and there definitely is a degree of utility to it. Though, as others have pointed out, Bluetooth is in no way considered secure, and therefor not a viable alternative for any commercial security device.

  20. angusgr says:

    “Though, as others have pointed out, Bluetooth is in no way considered secure, and therefor not a viable alternative for any commercial security device.”

    Noone who has asserted this seems to know anything about Bluetooth’s security model. Provided it’s Bluetooth 2.1, and the attacker isn’t present at the time of pairing, AFAIK there is no published vulnerability (feel free to point out one.) You pair the headset once with a physical button, use it forever.

    Helpful background reading:

    http://en.wikipedia.org/wiki/Bluetooth#Security_Concerns

    Not to mention people pointing out the appeal of easier breakin options for your house – bricks through windows, lockpicks, etc.

    I think there would be a massive market for someone to build a non-DIY version of this (couple of dollars in components, one less fob on your keychain.)

  21. JJ says:

    This post inspired me to toss this together today with some crap I had laying around:

    http://www.dashfest.com/?p=327

    Totally different method, but gets the same job done!

  22. icebox says:

    I hope this is not one of the headsets that goes bananas when the internal battery is dead. I know it’s on a charger but the battery will die and I’ve seen a few headsets that will not work properly if the battery is dead even plugged in.

  23. chrome says:

    How is a bluetooth headset not a wireless module again?

  24. Beavis123 says:

    Here’s the thing about picking this apart on the basis of security… You know where 99% of interior garage door “open” buttons are mounted? Immediately beside the door, which has a flimsy seal and a minimum of 3/4″ clearance. Most garage security can be defeated by a simple ruler. Press on the edge of the door to open the gap a bit, look for the lit button, swipe at it with the ruler, and immediately jump back.

    …or you could sit across the street for hours with a laptop and a directional antenna, hoping to catch the right traffic. Take your pick.

  25. wassupdoc says:

    From what I know of iPhone development you can’t have access to the bluetooth stack directly ie you can’t turn it off from within an app unless you jailbreak. Also not sure if an app can choose which device to link to.

  26. Mike says:

    Interesting .. but the only real issue I see is that it works off the ‘beep’ spike.

    Any noise that is generated by the phone-headset will result in that spike also…

    Would be a real bummer to use this, and be pulling into the garage with your car and have a connection-related spike (I know my headsets all have BT issues with random noise and freakish connections) and have it reverse and set the door down on your car.

    It simply needs a bit more circuitry in order to ‘latch’ the single Beep tone…

  27. john says:

    Actually this hack is brilliant, as are most of these posts quite the opposite.
    If you actually put the bt device inside the opener box, you could eliminate the button on the wall altogether, as well as the original remote (probabaly not a great idea so soon-lol). The only other issue would be to make sure the bt device always gets it’s charge, which in and of itself, should be rather easy considering where most wall plugs are located in relation to the door opener. Turning it on and off and allowing for multiple phones to use it would be somewhat harder I imagine.

  28. justin says:

    as someone who works in the garage door industry, for the #1 company in that industry… I dont know why the hell we arent jumping on this and building this into our openers now.

  29. Nolan says:

    Why would you worry about someone hacking your bluetooth???? wouldn’t they first need to know that you have applied this hack? and as far as a effort to sell software, you can use this hack without their software and if you buy the software you can use it for everyone in your house…I am building this tonight :)

  30. Hacksaw says:

    @ Justin…because then the industry won’t be able to sell me a $3 electronic device for $40 the next time I trade in the car…

  31. Elias says:

    Another thing many people seem not to think of: you usually leave your garage dor opener on your car, while your phone goes with you everywhere. If a thief steals your car, he has your garage dor opener and can go straight to your home. Hide yo wife and kids!
    Now, even if a thief steals your smarthphone and knows where you live, he’ll probably not look for a way to open your garage door using your cellphone – unless the thief already knows you use your phone for this purpose, which would indicate the thief is someone close enough to know such details about your home.
    Anyway, if you have some knowledge about electronics, you can make a almost-universal garage door opener. It takes much less hardware and knowledge than to make a bluetooth MAC sniffer.

  32. gixxer750 says:

    which transistor do you use?

  33. nah! says:

    would you put such a reciever on your door opener

  34. fuelbrain says:

    This is a wonderful mod. For those who question its security they don’t know balls about bt security. You need to physically push a button to pair it. After that there is no simple way to “sniff a bluetooth” as you might suggest. This is probably just as secure as a real opener which is very secure. They use a pseudo-random rolling code. Everytime you push the button it changes by a seed and everytime the garage door gets a signal it changes too. There is no publicly known way of hacking them or car keyfobs. If you replay the code its just an old code. Btw try pushing yore car keyfob 25 times when your out of range of your car and you’ll find out how rolling code works.. My only critique is no multiple User accomadations and possible le random connects, but this is addressed in the software

  35. Jason says:

    I used this with a slightly different solution. I attached a bluetooth adapter to one of my “always on” PC/servers (I’m a nerd). I wrote a web service that then pulses the adapter to connect and disconnect from the BTmate. So I basically created a web service to open/close my garage door and to tell me the state of the door via my DSC alarm system’s tilt sensor. Then I wrote a little Android app to connect to the web service over SSL and let me query status and open/close.

  36. Tom says:

    Are you going to make an IOS version of your app? Thanks and nice video.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 96,771 other followers