Slashdot Mirror
Hacker Helps Family Recover Minivan After Losing One-Of-A-Kind Car Key (bleepingcomputer.com)
An anonymous reader writes: A hacker and a mechanic have helped a family regain access to their hybrid car after they've lost their one-of-a-kind car key while on vacation. The car in question is a Toyota Estima minivan, which a Canadian family bought reused and imported from Japan. When they did so, they received only one key, which the father says he lost when he bent down to tie his son's shoelaces.
Because it was a hybrid and the on-board computer was synced to the battery recharge cycles, the car owner couldn't simply replace the car key without risking the car battery to overcharge and catch fire. After offering a reward, going viral on Facebook, in Canadian media, and attempting to find the lost keys using crows, the family finally accepted the help of a local hacker who stripped the car apart and reprogrammed the car immobilizer with new car keys. The whole ordeal cost the family two months of their lives and around $3,500.
Because it was a hybrid and the on-board computer was synced to the battery recharge cycles, the car owner couldn't simply replace the car key without risking the car battery to overcharge and catch fire. After offering a reward, going viral on Facebook, in Canadian media, and attempting to find the lost keys using crows, the family finally accepted the help of a local hacker who stripped the car apart and reprogrammed the car immobilizer with new car keys. The whole ordeal cost the family two months of their lives and around $3,500.
Welcome to the future of overengineered garbage.
Now that they have posted pictures of their analog keys, I hope they have replaced those too.
Using the VIN number, they can reproduce ANY key for ANY model the manufacturer carries. Sure it may be a bit of a hassle but with proof of ownership, any dealer can reproduce the keys. I've done it a number of time, a key just to get in the car is often free and a smart key can cost $150-250.
For $3500 you could've flown to Japan, gone down to their HQ and flown back with a key.
Custom electronics and digital signage for your business: www.evcircuits.com
batteries could charge until they explode so no safety cut off? if the system fails?
also what is next the system fails if any non dealer work is done?
Why would anyone buy a car like that?
According to TFA, they didn't know what they were buying. The car was originally made for the Japanese market, and later imported to Canada. They should have known something was fishy when they noticed that the steering wheel was on the wrong side.
Also, according to TFA, it is common in Japan for car buyers to only receive one key, which cannot be duplicated. So I guess the Japanese just never lose their keys, or if they do, they just buy a new car.
Add to that the fact that you can go to any dealer and get a key with the same code (which means the on-board software has no idea that it is different) for something like a few hundred dollars, and there is a bit of a fishy smell about this story.
Are you sure this is true? I was under the impression that this was NOT possible. You CAN got to a dealer and get new keys - they just have to register them with the on-board computer. Which presumably they were unable to do in this case because they had NO valid keys? That seems odd to me too - you'd think a dealer could just reset the computer to zero and enroll some new keys.
Also, the summary text is far more confusing than the actual article text. The fear of recharge related failure came from the mechanic recommending against letting a hacker at the thing due to fear that hacking it would screw up the computer as a side effect, not because the key was somehow vital.
Terrible summary. And probably some stupid going on somewhere in the chain of events - I really don't believe a dealer couldn't have dealt with this somehow.
A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
The problem is the key and the computer were paired. To fix the problem requires either duplicating the key (but it was a custom system so that's out) or replace the computer with another one you have the key for. Biut when you replace the computer, THAT was where the charge cycles were stored, and the computer will think it's still using the battery from the vehicle it used to be installed in. (I suppose you could swap the battery too but that would be a whole new problem) The hack was replacing the computer and importing the battery data from the old computer.
This all sounds rather odd to me, an electric vehicle you can't swap the battery on because the battery data is stored in the car not the battery? Any good laptop computer stores charge data in the battery itself, so a new battery has 0 cycles on it. You can also carry a spare battery with you and the computer can treat them differently. I don't see what sort of genius designs an electric vehicle and stores battery history in the computer rather than in the battery where it belongs.
I work for the Department of Redundancy Department.
I do this, with an almost-smart key.
My Dodge minivan requires a transponder key and I have only one. A second transponder key, programmed by the dealer, is over $200.
I lose stuff, so an irreplaceable key is a bad idea for me. That key is now stuffed inside the plastic housing that covers the lock and I use $2 "dumb" keys instead.
Potential Failure Mode: Battery overcharges
Effects: Car catches fire
Secondary: Possibly killing people or setting structures on fire
Cause: Replacing lost vehicle key
Severity: Catastrophic
Risk: Unacceptable
Mitigation: Never replace lost car key
Yeah something here isn't adding up
My Other Computer Is A Data General Nova III.
Also, in America you do not need to have your car "towed to a shop" to get new keys. You just need to call an authorized dealer and give them the VIN.
My co-worker has a Prius, and he lost the only key. They had to have it towed to the dealership to be reprogrammed to get new keys.
Many manufacturers are different.
If you have 1 key, generally it's much, much easier (and affordable) to get a duplicate made. If you have no keys, generally your only route is the dealer for modern cars. Depending on the year and manufacturer, you can not make a new key from just the VIN. Ford specifically dumps their records after 10 years.
I worked in a locksmith shop a few years ago, and every vehicle is different. Many manufacturers you can simply "clone" the existing key, and it will simply work without issue. Some other manufacturers you need to cut the key to a new key, and program the new key into the system. Sometimes it's as simple as turning the existing key in the ignition to accessory, leaving it there for a few seconds, turn it off, remove the key and insert the new key and turning it to accessory as well (most 2005-2012 Chevrolet's are this way). Sometimes you need to turn to Accessory 3-10 times for it to program, then you can start the vehicle with the key.
Some need you to use an external device plugged into the CAN bus to program the new key in (many Fords, and Lincolns).
When it comes to imports, however, all bets are off. We built keys, and rebuild ignitions to jimmy-rig systems together in some cases. You do what you need to do to make the customer happy. Our experiences were with older models, and nothing too technically advanced. Simple transponder based keys and ignitions, which are generally easy to work with.
My personal vehicle uses a proximity fob, and they are much more complicated. Just as I left the locksmith shop, they came out with a way to clone the "key" part (you stick it in a slot in the center console to start the car), but not the proximity feature. If I wanted an additional proximity key, I would need to buy a new one from the dealer, and have them program it in to the tune of around $400. Thankfully I have two, but if one becomes lost I'll buy another without hesitation, as my body wouldn't be able to contain my anxiety I would have with the thought of losing the only key.
It's a BS FaceBook Please-Fund-Me story. Any mechanic could've taken out the car computer and purchased a new one and installed it for less than $1500. Even if the car was out-of-country, it's a risk you take that when you buy exotic cars you may have to pay extra for repairs.
I had an older Buick that had gone on the fritz where basically the keys would start the car but not unlock the gearbox or any other theft prevention (the radio would refuse to work, the car could not be remotely unlocked).
My garage charged $500 to the warranty provider for a brand new "computer" and swapped out the keylock mechanism, and they simply reprogrammed my key (and then I had to go back with my other key to get it reprogrammed as well).
And if I didn't want to pay the dealership an exorbitant amount, there are numerous websites that offer OEM-compatible key replacement and ECU reprogramming services including the Toyota Estima in the story.
Custom electronics and digital signage for your business: www.evcircuits.com
Also, who designs open loop battery charging systems?
I fuck all about battery charging, but engineers would never design a system that could overcharge and explode batteries based on some old data about how much charge the system thought it might have. And even if they did, why would safety regulators ever approve such a system -- especially in Japan?
The dealer told you that they won't make a key if you show up with the truck and only one key, but if you show up with the truck and no keys at all they will make one?
Either you're gullible and don't recognize an obvious scam or you're not very good at making up stories.
You mean the unintended acceleration that for some strange reason only occurred in the US where people are litigation happy to get rich?
Did you read the results of the code review? You won't ever cross the street in front of a Toyota again.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
You're assuming a future smart TV won't do bullshit, like refuse to do anything when powered up for the first time because it's hellbent on checking for updated firmware (read: the TV went to manufacturing 6 months before it even HAD working firmware, so they manufactured it with little more than an internet-connected bootloader on the assumption that by the time it ended up in stores, they'd (hopefully) have working firmware for it ready for buyers to download.
Think it can't happen? Hardware like that already exists. One of my friends has a Nintendo 3DS. He bought a new game for it to play in the car on a weekend road trip the night before we left, and ran it for the first time after we were on the road. The game came on cartridge. He put in the cartridge, powered up the system, and had a "fuck my life" moment when it refused to let him do anything until he downloaded an update. If he hadn't been able to tether to my phone, he would have been screwed and unable to play it for several hours. This was a CARTRIDGE GAME that effectively refused to run until it managed to connect to the internet and download something.
By the same token, I can't think of a single time... EVER... when I've been able to stick in a game disc for an Xbox 360, Xbox One, or Wii-U & just PLAY the goddamn game without having to endure 2-20 minutes of mandatory downloads and updates before being allowed to continue. When I plugged in by XB1 for the first time on Christmas Day, I spent my first hour and a half as a new owner staring at the glacially-slow download meter. Why? Games now go to manufacturing LONG before they're anywhere close to being play-ready. Physical media is now just proof of having a license.
Christmas 1983, brand new c64. Plugged it in, turned it on, and wrote my first program in about 20 minutes.
Christmas 2016, brand new dell laptop. Pluged it in, booted it up, and spent the next 2 hours watching Windows Update install update after update after update.
We're frogs getting boiled slowly, one shitty piece of hardware at a time.
I live in Japan and am super into cars.
You usually get 2 to 4 keys with a new car, always 2 standard with fob/chip, often 1 backup key without fob/chip, and sometimes 1 "valet" key. When you get the keys you get a code tag that you use to order additional keys at any time - loose the tag and you can still order as long as you have an existing key, but you need to send the key in to have the tag info cross referenced. So basically as long as you don't loose the tag and *all* of the fob/chip keys you're totally fine.
And the whole issue was due to the immobilizer, which was DOING EXACTLY WHAT IT WAS SUPPOSED TO BE DOING. The idea is it makes it very difficult to hot-wire a car, and even if someone does somehow (with a trailer?) steal your car they won't be able to actually use it or sell it without putting in a huge amount of effort.
So what do you do if you loose all your keys and tag? You bring it to the dealer or an authorized/licensed mechanic who deals with that brand and have the immobilizer unit replaced. I just looked it up, and the cost for that on a newer Estima looks to be about $900USD.
The dealer/importer should have been able to figure this out much easier but I'm guessing they're just one of those places that grabs cache stock from auto auctions and kludges the paperwork.
You mean in Japan, where they allowed a nuclear power plant to be built on a coast that gets tsunamis, with cooling pump emergency power generators at sea level?
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
They should have known they were part of a fake story when somebody told them that hybrid cars somehow "keep track" of the state of charge when charging but can't simply test the voltage to know the state of charge any other time, and would somehow overcharge and explode if they disconnected it to replace parts.
I suspect the timeline is a bit off and the hacker who saved them was also telling them where to get info on the car. Probably also helped them out by calling the dealer for them. And crows?! This is just bad fiction.