Friendly neighborhood hacker helps family regain access to locked car

One-of-a-kind key lost? Nothing that chip reprogramming can’t solve!

Friendly neighborhood hacker helps family regain access to locked car

A benevolent hacker has helped a family regain access to their car after they misplaced its corresponding one-of-a-kind key.

In June 2016, John and Maria Higgins took their two children to Victoria in Canada for a family wedding. They then all went out to eat after the special day. If you have children, you know how easily something as simple as going for dinner can turn into an "event."

2275cf805d24d9af4bd07ff4216c958a dining funny photos

Well, one thing led to another, and the family misplaced their keys for their Toyota Estima family wagon at some point in the evening. These weren't just any car keys, however. As John explained on Facebook at the time:

"What was picked up is the only three-button RFID transmitter key in existence on this continent for our van. This vehicle is a Japanese import with a sophisticated immobilizer, and the key has a chip in it that can't be duplicated by North American Toyota dealers. I bought the vehicle a month ago from a dealer on the mainland who led me to believe they would be receiving another key for it from Japan in the few weeks following our purchase. This was not the case; as the manager just informed me, most cars sold by auction in Japan come with only one key and they haven't gotten anything else from the auction since."

John and Maria tried to get a copy of the key from the local key cutter, but alas, they didn't have it in stock. They also tried reaching out to Toyota, but the manufacturer's branches in the United States, Canada, and Tokyo couldn't offer a replacement. So they slapped a $500 reward on their lost keys, shared their story on Facebook, and waited.

Two months passed. No one turned in the keys. But a hacker reached out to the Higgins and said they could help the family.

According to International Business Times, the Higgins had the car towed to a mechanic. With the family's permission, the hacker accessed the car's on-board immobilizer computer, found the chip that stored the key codes, and reprogrammed the chip to accept new codes.

In total, the family paid $5,000 for the return of their car.

Toyota EstimaJohn had "no hard feelings" for Velocity Motors, a car dealer in Burnaby which imported the car from Japan and graciously covered half the family's total bill. The same cannot be said about Tokyo. As he told Times Colonist:

"[A replacement key] is sitting on a shelf in a warehouse in Japan somewhere, and it's not that they couldn’t send it - it’s that they won’t. I understand that if they helped every person out there who lost a key to a minivan, they would do nothing else, but to string us along for seven weeks saying [maybe] is tough. It would have been nice to know [they wouldn't help] seven weeks ago."

Given the types of digital security threats that plague smart cars these days, it's important for manufacturers to be upfront with their customers. That might include saying they can't help stranded families in certain situations. Then again, sending a replacement key shouldn't be that much of an issue, especially in an industry where customer loyalty carries some significance.

Hopefully, Tokyo will publicly acknowledge the Higgins' story at some point and provide their side of what happened.

For further discussion on this story, make sure to listen to this episode of the "Smashing Security" podcast:

Subscribe: Apple Podcasts | Google Play | Overcast | Stitcher | RSS for you nerds.

Tags: ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

,

One Response

  1. Matt

    August 16, 2017 at 11:01 am #

    Nice story. I think several references to "Tokyo" in the article should read as "Toyota"

Leave a Reply