Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Helps Family Recover Minivan After Losing One-Of-A-Kind Car Key (bleepingcomputer.com)

Posted by EditorDavid on from the picking-your-own-locks dept.

An anonymous reader writes: A hacker and a mechanic have helped a family regain access to their hybrid car after they've lost their one-of-a-kind car key while on vacation. The car in question is a Toyota Estima minivan, which a Canadian family bought reused and imported from Japan. When they did so, they received only one key, which the father says he lost when he bent down to tie his son's shoelaces.

Because it was a hybrid and the on-board computer was synced to the battery recharge cycles, the car owner couldn't simply replace the car key without risking the car battery to overcharge and catch fire. After offering a reward, going viral on Facebook, in Canadian media, and attempting to find the lost keys using crows, the family finally accepted the help of a local hacker who stripped the car apart and reprogrammed the car immobilizer with new car keys. The whole ordeal cost the family two months of their lives and around $3,500.

9 of 169 comments (clear)

  1. Re:Why? by epyT-R · · Score: 5, Insightful

    Welcome to the future of overengineered garbage.

  2. picture of keys by Bender+Unit+22 · · Score: 3, Interesting

    Now that they have posted pictures of their analog keys, I hope they have replaced those too.

  3. Just go down to a dealer by guruevi · · Score: 3, Insightful

    Using the VIN number, they can reproduce ANY key for ANY model the manufacturer carries. Sure it may be a bit of a hassle but with proof of ownership, any dealer can reproduce the keys. I've done it a number of time, a key just to get in the car is often free and a smart key can cost $150-250.

    For $3500 you could've flown to Japan, gone down to their HQ and flown back with a key.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
    1. Re: Just go down to a dealer by Anonymous Coward · · Score: 4, Insightful

      I read it and it's still bullshit stupid. The key doesn't encode recharge cycles. How would you have multiple keys? Regardless, having a failure mode that will intentionally overcharge the batteries is insane. The Japanese engineers are not that stupid. Advice from local mechanics about import hybrids -- yeah.

      Like any rational design the immobilizer is likely not part of the ecm but self contained or part of the bcm. Order a new one, with keys, from a Japanese dealership. I do wonder if they use canbus now for this instead a dedicated line between the immobilizer and the ecm.

  4. Re:I call shenanigans by mhkohne · · Score: 3, Insightful

    Add to that the fact that you can go to any dealer and get a key with the same code (which means the on-board software has no idea that it is different) for something like a few hundred dollars, and there is a bit of a fishy smell about this story.

    Are you sure this is true? I was under the impression that this was NOT possible. You CAN got to a dealer and get new keys - they just have to register them with the on-board computer. Which presumably they were unable to do in this case because they had NO valid keys? That seems odd to me too - you'd think a dealer could just reset the computer to zero and enroll some new keys.

    Also, the summary text is far more confusing than the actual article text. The fear of recharge related failure came from the mechanic recommending against letting a hacker at the thing due to fear that hacking it would screw up the computer as a side effect, not because the key was somehow vital.

    Terrible summary. And probably some stupid going on somewhere in the chain of events - I really don't believe a dealer couldn't have dealt with this somehow.

    --
    A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
  5. Re:WTF by JBMcB · · Score: 3, Insightful

    Potential Failure Mode: Battery overcharges
    Effects: Car catches fire
    Secondary: Possibly killing people or setting structures on fire
    Cause: Replacing lost vehicle key
    Severity: Catastrophic
    Risk: Unacceptable
    Mitigation: Never replace lost car key

    Yeah something here isn't adding up

    --
    My Other Computer Is A Data General Nova III.
  6. Re: Why? by corychristison · · Score: 3, Informative

    Many manufacturers are different.

    If you have 1 key, generally it's much, much easier (and affordable) to get a duplicate made. If you have no keys, generally your only route is the dealer for modern cars. Depending on the year and manufacturer, you can not make a new key from just the VIN. Ford specifically dumps their records after 10 years.

    I worked in a locksmith shop a few years ago, and every vehicle is different. Many manufacturers you can simply "clone" the existing key, and it will simply work without issue. Some other manufacturers you need to cut the key to a new key, and program the new key into the system. Sometimes it's as simple as turning the existing key in the ignition to accessory, leaving it there for a few seconds, turn it off, remove the key and insert the new key and turning it to accessory as well (most 2005-2012 Chevrolet's are this way). Sometimes you need to turn to Accessory 3-10 times for it to program, then you can start the vehicle with the key.

    Some need you to use an external device plugged into the CAN bus to program the new key in (many Fords, and Lincolns).

    When it comes to imports, however, all bets are off. We built keys, and rebuild ignitions to jimmy-rig systems together in some cases. You do what you need to do to make the customer happy. Our experiences were with older models, and nothing too technically advanced. Simple transponder based keys and ignitions, which are generally easy to work with.

    My personal vehicle uses a proximity fob, and they are much more complicated. Just as I left the locksmith shop, they came out with a way to clone the "key" part (you stick it in a slot in the center console to start the car), but not the proximity feature. If I wanted an additional proximity key, I would need to buy a new one from the dealer, and have them program it in to the tune of around $400. Thankfully I have two, but if one becomes lost I'll buy another without hesitation, as my body wouldn't be able to contain my anxiety I would have with the thought of losing the only key.

  7. Re:While we're on the subject.... by guruevi · · Score: 3, Insightful

    It's a BS FaceBook Please-Fund-Me story. Any mechanic could've taken out the car computer and purchased a new one and installed it for less than $1500. Even if the car was out-of-country, it's a risk you take that when you buy exotic cars you may have to pay extra for repairs.

    I had an older Buick that had gone on the fritz where basically the keys would start the car but not unlock the gearbox or any other theft prevention (the radio would refuse to work, the car could not be remotely unlocked).
    My garage charged $500 to the warranty provider for a brand new "computer" and swapped out the keylock mechanism, and they simply reprogrammed my key (and then I had to go back with my other key to get it reprogrammed as well).

    And if I didn't want to pay the dealership an exorbitant amount, there are numerous websites that offer OEM-compatible key replacement and ECU reprogramming services including the Toyota Estima in the story.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  8. Re: Why? by Miamicanes · · Score: 5, Informative

    You're assuming a future smart TV won't do bullshit, like refuse to do anything when powered up for the first time because it's hellbent on checking for updated firmware (read: the TV went to manufacturing 6 months before it even HAD working firmware, so they manufactured it with little more than an internet-connected bootloader on the assumption that by the time it ended up in stores, they'd (hopefully) have working firmware for it ready for buyers to download.

    Think it can't happen? Hardware like that already exists. One of my friends has a Nintendo 3DS. He bought a new game for it to play in the car on a weekend road trip the night before we left, and ran it for the first time after we were on the road. The game came on cartridge. He put in the cartridge, powered up the system, and had a "fuck my life" moment when it refused to let him do anything until he downloaded an update. If he hadn't been able to tether to my phone, he would have been screwed and unable to play it for several hours. This was a CARTRIDGE GAME that effectively refused to run until it managed to connect to the internet and download something.

    By the same token, I can't think of a single time... EVER... when I've been able to stick in a game disc for an Xbox 360, Xbox One, or Wii-U & just PLAY the goddamn game without having to endure 2-20 minutes of mandatory downloads and updates before being allowed to continue. When I plugged in by XB1 for the first time on Christmas Day, I spent my first hour and a half as a new owner staring at the glacially-slow download meter. Why? Games now go to manufacturing LONG before they're anywhere close to being play-ready. Physical media is now just proof of having a license.

    Christmas 1983, brand new c64. Plugged it in, turned it on, and wrote my first program in about 20 minutes.

    Christmas 2016, brand new dell laptop. Pluged it in, booted it up, and spent the next 2 hours watching Windows Update install update after update after update.

    We're frogs getting boiled slowly, one shitty piece of hardware at a time.