Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Security Canada Transportation

Hacker Helps Family Recover Minivan After Losing One-Of-A-Kind Car Key (bleepingcomputer.com) 169

Posted by EditorDavid from the picking-your-own-locks dept.
An anonymous reader writes: A hacker and a mechanic have helped a family regain access to their hybrid car after they've lost their one-of-a-kind car key while on vacation. The car in question is a Toyota Estima minivan, which a Canadian family bought reused and imported from Japan. When they did so, they received only one key, which the father says he lost when he bent down to tie his son's shoelaces.

Because it was a hybrid and the on-board computer was synced to the battery recharge cycles, the car owner couldn't simply replace the car key without risking the car battery to overcharge and catch fire. After offering a reward, going viral on Facebook, in Canadian media, and attempting to find the lost keys using crows, the family finally accepted the help of a local hacker who stripped the car apart and reprogrammed the car immobilizer with new car keys. The whole ordeal cost the family two months of their lives and around $3,500.
This discussion has been archived. No new comments can be posted.

Hacker Helps Family Recover Minivan After Losing One-Of-A-Kind Car Key More

Hacker Helps Family Recover Minivan After Losing One-Of-A-Kind Car Key

Comments Filter:

  • Why? (Score:1)

    by Anonymous Coward

    Why would anyone buy a car like that?

    • Re:Why? (Score:5, Insightful)

      by epyT-R ( 613989 ) on Saturday August 19, 2017 @12:48PM (#55048411)

      Welcome to the future of overengineered garbage.

    • Why would anyone buy a car like that?

      According to TFA, they didn't know what they were buying. The car was originally made for the Japanese market, and later imported to Canada. They should have known something was fishy when they noticed that the steering wheel was on the wrong side.

      Also, according to TFA, it is common in Japan for car buyers to only receive one key, which cannot be duplicated. So I guess the Japanese just never lose their keys, or if they do, they just buy a new car.

      • Re: (Score:2)

        by Nkwe ( 604125 )

        Also, according to TFA, it is common in Japan for car buyers to only receive one key, which cannot be duplicated. So I guess the Japanese just never lose their keys, or if they do, they just buy a new car.

        Actually the article says:

        "This was not the case; as the manager just informed me, most cars sold by auction in Japan come with only one key and they haven't gotten anything else from the auction since."

        I assume that "by auction" implies sales of used cars that are not private party to private party. Surely new cars come with multiple keys.

      • They should have known they were part of a fake story when somebody told them that hybrid cars somehow "keep track" of the state of charge when charging but can't simply test the voltage to know the state of charge any other time, and would somehow overcharge and explode if they disconnected it to replace parts.

        I suspect the timeline is a bit off and the hacker who saved them was also telling them where to get info on the car. Probably also helped them out by calling the dealer for them. And crows?! This is

    • No shit. Why would you want a right-hand-drive car in Canada? Why would dealers even bother shipping them to Canada for resale when there are plenty of other markets in the world where they also drive on the left side of the road? If this were a story out of Australia or the UK, that's one thing... but Canada? Weird.

      • Re: (Score:2)

        by Bert64 ( 520050 )

        Try Myanmar, they drive on the right but 95% of cars on the roads are right hand drive cars imported from Japan...

      • AWD hybrid minivan? Cool. RHD hybrid minivan that is literally impossible to find parts for on this continent? Not so cool. Kind of a neat van but way too rare over here to be even a remotely good idea. When you need anything at all for it, you'll spend forever trying to match parts from Toyota's massive catalog of locally available parts, and probably end up having to order shit from Japan most of the time.

      • Re: (Score:2)

        by dryeo ( 100693 )

        Lots of right hand drive former Japanese cars/trucks here on the wet coast of Canada. The Japanese are very anal about the cars they allow on their roads so once a vehicle hits maybe 30,000 miles, it's junk by their standards.
        Want a Skyline, a mini cab-over truck (4x4 too), a real Landcruiser (diesel too), those weird 4x4 short stubby vans? They're all available here in BC, there's a reseller (importer?) about 15 miles from me.

      • Re: (Score:2)

        by green1 ( 322787 )

        You'd want a right hand drive car in Canada because a right hand drive car is far better suited to driving on the right hand side of the road than a left hand drive car. It's far safer for both you, and for cyclists, pedestrians, and other motorists.

        It boggles the mind that people are willing to drive on the left side of the car when you drive on the right side of the road. It's was a completely arbitrary decision many years ago, and was quite honestly the wrong one.

        But beyond that, you'd import a car from

      • Re: (Score:2)

        by tlhIngan ( 30335 )

        No shit. Why would you want a right-hand-drive car in Canada? Why would dealers even bother shipping them to Canada for resale when there are plenty of other markets in the world where they also drive on the left side of the road? If this were a story out of Australia or the UK, that's one thing... but Canada? Weird.

        Well, you are allowed right-hand-drive cars in Canada (and US too). Though since you typically import them, you usually know what you're getting, and the why part is usually because it's a highl

  • owner couldn't simply replace the car key without risking the car battery to overcharge and catch fire

    That's a thing?

    • That's a thing?

      It sounds suspiciously like bullshit to me. Hacking the immo isn't at all likely to cause that kind of problem. On the other hand, from what we learned about Toyota's coding practices around the unintended acceleration issue, I wouldn't be terribly surprised if a minor misstep could cause basically any kind of problem.

    • Re:WTF (Score:4, Insightful)

      by JBMcB ( 73720 ) on Saturday August 19, 2017 @02:33PM (#55048789)

      Potential Failure Mode: Battery overcharges
      Effects: Car catches fire
      Secondary: Possibly killing people or setting structures on fire
      Cause: Replacing lost vehicle key
      Severity: Catastrophic
      Risk: Unacceptable
      Mitigation: Never replace lost car key

      Yeah something here isn't adding up

  • reset computer - battery explosion WTF (Score:1)

    by Anonymous Coward

    " on-board computer was synced to the battery recharge cycles, the car owner couldn't simply replace the car key without risking the car battery to overcharge and catch fire"
      Really? You mean the computer cannot detect the charge level of the battery and act appropriately. Sounds broken by design if it really works that way.

    • Re: (Score:3)

      by v1 ( 525388 )

      The problem is the key and the computer were paired. To fix the problem requires either duplicating the key (but it was a custom system so that's out) or replace the computer with another one you have the key for. Biut when you replace the computer, THAT was where the charge cycles were stored, and the computer will think it's still using the battery from the vehicle it used to be installed in. (I suppose you could swap the battery too but that would be a whole new problem) The hack was replacing the com

      • Any battery charger that doesn't monitor voltage and temperature is junk. At the very least there should be a way to restart a training cycle.

        • Re: (Score:2)

          by v1 ( 525388 )

          Any battery charger that doesn't monitor voltage and temperature is junk. At the very least there should be a way to restart a training cycle.

          Any decent charger will do that. But it's still necessary to track cycle count to adjust the charge rates and levels as a battery gets older. Risk of fire isn't as big as a lot of media say, that just gets them some more clicks. But improperly charging a battery will definitely shorten its life. And when it's a big, expensive battery, getting every week you can ou

          • Improperly charging shortens life, and tracking is good so that the computer can detect when the battery is starting to fail, but those are totally separate things. You don't charge differently as the battery ages. I read the datasheets before I design my circuits, and all the charger ICs are the same on that point, as are the from-scratch engineering guides.

            Generally the charge cycle count is stored in the battery pack where it available.

            I think the dealer fed him a bunch of bullshit trying to get him to j

    • Yes. The whole story is more or less BS.
      1) who buys a RHD car as an import from JP for use in Canada ?
      2) Battery exploding after losing track of charge cycles. Complete and utter bullshit.
      3) Dealer cannot reprogram the Immo. could be.
      4) Manufacturer cannot reprogram the Immo. Bullshit.
      5) key image is photoshopped

      • Re: (Score:2)

        by dryeo ( 100693 )

        All I know about is number one. There are tons of right hand drive, former Japanese vehicles here in BC. The Japanese have insane vehicle inspections resulting in vehicles being condemned at like 30,000 miles (kms?) and they have some neat vehicles. I see enough on the roads around here that I know they're common.
        The rest of your points, you're probably right except maybe #4. Quite possible that Toyota Canada is quite different from Toyota Japan but who knows.

      • Re: (Score:2)

        by green1 ( 322787 )

        1) Lots of people, the Japanese have great vehicles that were never made available here any other way, they're low mileage, and relatively cheap to import. They also have the benefit of being right hand drive which is a far better driving position for places where you drive on the right side of the road than the conventional left hand drive.
        2) you're 100% right. that's absolute BS
        3) Most dealers in Canada outright refuse to work on vehicles imported from Japan, even if the identical model was sold domestica

        • Re: (Score:2)

          by Askmum ( 1038780 )

          5) *shrug* whatever the key image looks like is irrelevant to the story.

          No it's not. In the facebook page they specifically ask "have you seen these keys". And then photoshopped in the image is a very old fashioned key that really has no place in a modern Toyota. Certainly if it is a hybrid it will only have a keyfob and will not need a physical key to put in a hole to start.

          The whole story is BS from the beginning to the end.

          • Re: (Score:2)

            by green1 ( 322787 )

            Keep in mind this is NOT a modern Toyota, to be imported to Canada it must be (by law) over 15 years old. And many hybrids, especially of that generation, still had physical keys.

            I agree there's a major component to BS here, but I don't think that particular element proves anything at all. I think the only BS part is that the manufacturer/dealer refused to help them (likely because they imported instead of buying domestically) and the whole line about destroying the battery if they did so.
            The rest, the bit

            • Re: (Score:2)

              by stooo ( 2202012 )

              >> Keep in mind this is NOT a modern Toyota, to be imported to Canada it must be (by law) over 15 years old.

              What?
              You cannot import new items in your country ?

              • Re: (Score:2)

                by green1 ( 322787 )

                It is illegal to import a vehicle newer than 15 years old in to Canada unless you are the manufacturer of said vehicle, AND are on a specific list of manufacturers allowed to import, AND the vehicle has never been sold to someone else fist. AND the vehicle is certified to meet all Canadian standards.
                The only exception is certain vehicles from the USA, but only if the manufacturer has specifically authorized that exact model to be imported, AND has provided a letter stating that that specific vehicle (by VIN

  • I really don't want a smart key I've been careful and lost one already.
    I've been tempted to just wire my key into my car, so regular keys would just work.

    • I do this, with an almost-smart key.

      My Dodge minivan requires a transponder key and I have only one. A second transponder key, programmed by the dealer, is over $200.

      I lose stuff, so an irreplaceable key is a bad idea for me. That key is now stuffed inside the plastic housing that covers the lock and I use $2 "dumb" keys instead.

      • I lose stuff too. So for my brand new smart key I bought a brand new carabiner clip for $0.25. My smart key is either on my key rack, in my wife's purse (who isn't so prone to losing stuff) or clipped securely to my belt or laptop bag.

    • I've been tempted to just wire my key into my car, so regular keys would just work.

      There is often simply a little smart "pellet" in the key, and an antenna near or even wrapped around the ignition lock. You take the pellet out, and you glue it to the antenna, and then any key will work forevermore.

  • picture of keys (Score:4, Interesting)

    by Bender Unit 22 ( 216955 ) on Saturday August 19, 2017 @12:49PM (#55048413) Journal

    Now that they have posted pictures of their analog keys, I hope they have replaced those too.

  • Just go down to a dealer (Score:4, Insightful)

    by guruevi ( 827432 ) on Saturday August 19, 2017 @12:50PM (#55048419)

    Using the VIN number, they can reproduce ANY key for ANY model the manufacturer carries. Sure it may be a bit of a hassle but with proof of ownership, any dealer can reproduce the keys. I've done it a number of time, a key just to get in the car is often free and a smart key can cost $150-250.

    For $3500 you could've flown to Japan, gone down to their HQ and flown back with a key.

    • Using the VIN number, they can reproduce ANY key for ANY model the manufacturer carries. Sure it may be a bit of a hassle but with proof of ownership, any dealer can reproduce the keys.

      AND they'll only charge you a few hundred dollars for the privilege*!

      *The privilege of making a new key for a car you own. Something hardware stores used to do for around three or four bucks.

      • Re: (Score:2)

        by guruevi ( 827432 )

        Sure, but it's not $3500. And you can still get a copy of your key that will open your car, it just won't start it. And if you really want to, there are third party keys that you can reprogram yourself for ~$50.

      • "something hardware stores used to do for around three or four bucks."

        And something the hardware stores will still do for older models that lack the nifty "features" of modern cars. Things like ... well, I can't think of many. You can add an aftermarket backup camera and a radio that does GPS, will play mp3s and can talk to your smartphone for maybe $150 plus maybe $100 or $150 labor if you don't fancy soldering a few wires. Threading the video feed for the camera can be a drag. But you can pay someone

  • batteries could charge until they explode so no sa (Score:3)

    by Joe_Dragon ( 2206452 ) on Saturday August 19, 2017 @12:59PM (#55048447)

    batteries could charge until they explode so no safety cut off? if the system fails?

    also what is next the system fails if any non dealer work is done?

  • Because it was a hybrid and the on-board computer was synced to the battery recharge cycles, the car owner couldn't simply replace the car key without risking the car battery to overcharge and catch fire.

    What!? You have to replace the key, and there is some uncontrollable/unresettable battery charging failure? I find that difficult to believe. It suggests that the on-board estimate of battery capacity (which goes down over time, and has to be considered when recharging) somehow gets reset

    • Re:I call shenanigans (Score:4, Insightful)

      by mhkohne ( 3854 ) on Saturday August 19, 2017 @01:19PM (#55048529) Homepage

      Add to that the fact that you can go to any dealer and get a key with the same code (which means the on-board software has no idea that it is different) for something like a few hundred dollars, and there is a bit of a fishy smell about this story.

      Are you sure this is true? I was under the impression that this was NOT possible. You CAN got to a dealer and get new keys - they just have to register them with the on-board computer. Which presumably they were unable to do in this case because they had NO valid keys? That seems odd to me too - you'd think a dealer could just reset the computer to zero and enroll some new keys.

      Also, the summary text is far more confusing than the actual article text. The fear of recharge related failure came from the mechanic recommending against letting a hacker at the thing due to fear that hacking it would screw up the computer as a side effect, not because the key was somehow vital.

      Terrible summary. And probably some stupid going on somewhere in the chain of events - I really don't believe a dealer couldn't have dealt with this somehow.

      • No, I am not sure, but there is something else to this story. It might be gray-market, which can mean that it's possible but they factory refuses to support it.

        • I posted upthread but modern cars often have fairly involved networks onboard with multiple systems where serialized modules are "known" to the network as secure. Tamper with the module, and dealer software can refuse to work. There is a cottage industry of people disassembling electronic modules and doing "brain transplants" by transplanting an EPROM or affixing a kludged daughterboard to new ones so that dealer computers are willing to talk to the car. Yes, the dealers can do something, but they often quo

      • Are you sure this is true? I was under the impression that this was NOT possible. You CAN got to a dealer and get new keys - they just have to register them with the on-board computer. Which presumably they were unable to do in this case because they had NO valid keys?

        A dealer who has the right scan tool with the right software can generally program new keys into the system, but they themselves may not actually have the software to do it. That functionality might actually require that someone in the corporate office perform the process, while the scan tool is connected to both the car and a PC with an internet connection, and the service software installed — like a remote cell phone unlocking. And the US dealers might not even have the right software on their scan

    • Comment removed based on user account deletion

    • That's not what they meant. They meant "we could bypass the hybrid immobilizer and run it as an IC only car, but doing so leaves the hybrid system in an unknown state. It's possible, though unlikely, that this could cause a burst-into-flames failure mode."

      I feel that Toyota JP will probably pipe up at some point and ask why the family didn't contact them directly. People lose keys, even in Japan. It shouldn't have been thousands of dollars and a hack to fix this.

  • So then,,,,, if a hacker can make a new key, what was the point of these microchip keys again?

    And anyway, why would they not just contact a dealer or the manufacturer in Japan to make some new keys, and overnight-ship them? Seems a lot cheaper than $3500 and faster than two months,,,

    I recall reading at one point that such systems were "un-hackable",,,, tho that was a while back now. They don't say that much anymore.

    "You keep using that word... I don't think it means what you think it means..."
    • I won't say they are unhackable, but they are a lot harder to steal than they used to be. In the old days the thief would use a screwdriver and force the lock to start the car. I remember all of the goofy alarm systems and other anti-theft systems that people came up with - they were all a pain, but getting your car stolen was even more of a pain. These days they basically need to use a tow truck.

  • Because it was a hybrid and the on-board computer was synced to the battery recharge cycles, the car owner couldn't simply replace the car key without risking the car battery to overcharge and catch fire.

    ...what?

  • The specifics vary from one manufacturer to the next. With VW, there was a 4-digit PIN number in the ECU that you needed to adapt keys, and generally VW wouldn't give you that number. The people that can chip your engine generally have the know-how to retrieve that number - whether they will or not is another matter, but I had the PINs for both of our cars at one point. At one point, my wife had lost one of her keys. We had another made and paid thee dealer $$ to adapt it. Then we found the missing ke
    • Too late once you've locked the key in the car, but I've seen this (or something very similar) work for a minivan and a prius. You do look stupid while programming, but it's saves you $100 or so. http://www.programyourkeys.com... [programyourkeys.com]

      TOYOTA 1. The vehicle should be in the following condition- A. The key is NOT in- serted in the ignition, B. The driver's door IS open, C. The driverâ(TM)s door is UNLOCKED. 2. Insert the Key into the ignition switch and then pull it out. 3. Press the Master Door Lock Switch 5 times from Lock to Unlock. 4. Close the Driver's door then open it. 5. Repeat step #3. 6. Now select the mode by inserting the key into the Ignition Switch and turning it to the "Run" or "On" position. The programming mode is determined by the amount of times you go from âoekey offâ to the "key on" position and back before pulling the key out. A. 1 time is the "Add" mode. This is used only on some models and it allows you to add a remote to the already existing remotes. The ECU confirms this by locking and unlocking the door locks automatically after you remove the key. B. 2 times is the second mode which will erase all previously programmed remotes and allow you to program new ones. The ECU confirms this mode by locking and unlocking the door locks twice after you remove the key C. 3 times is the third mode which tells you how many remotes are already programmed to the ECU. It confirms this locking and unlocking the door locks the amount of times applicable to the remotes coded. If no remotes are programmed then the ECU locks and unlocks the door locks 5 times. The ECU will hold up to 4 remotes at any one time. 7. Press the Lock and Unlock buttons on the remote simultaneously for 1.5 sec and then press either button by itself for 1 sec. 8. The ECU will perform the Lock/Unlock automatically to confirm that the 1st remote is stored by the ECU. Repeat step 7 immediately with another remote and continue until all remotes are registered. 9. Shut the driverâ(TM)s door and try all remotes.

      • There are usually 2 adaptations. One is to the ECU so you can start the car. The other is to the door locking mechanism, and that adaptation is a separate step. The sequence of steps described above sound like adapting the door locks, not the ECU.
        • There are slightly different procedures for different Toyotas and for the key to start the car vs the fob to open the car. But, from personal experience, you can buy a (chipped) starter key and fob online. Get the key cut at the local hardware store and program both to work. You have to program all the keys/fobs not just the new one. Even opens the power sliders and hatch. The Prius was an expensive "smart" key (keep it in your pocket) and also programmed with a similar (but not identical) procedure to
  • If I had to spend $3500 and hire a hacker, I'd want that custom immobilizer never to immobilize again. A purely mechanical key would be fine.

  • If you buy a newer used car that has an electronic key, and you only get one key, it's ALWAYS worth the $200 something to go to the dealer and get an extra before this happens.

  • I doubt a new key would be $3,500
    Maybe $1,000 at the most.

  • LOL (Score:2)

    by p51d007 ( 656414 )
    Just so they can act all smug that they have a "hybrid" Those silly vehicle cost more to produce, and have more of a carbon footprint than a traditional vehicle, have more toxic materials...but, because they are "green" everyone overlooks that!

  • Google this: Toyota Estima
    (the Japanese means "lost the key").
    I found 3 sites immediately that discuss Toyota Estima. A couple mentioned charges of about 80 USD while another seemed more detailed. It seems that it is a difficult job that requires rewriting the car's computer, but that it can be done in 60 minutes. They quote a cost of about $165 for Osaka area.
    TFA says the Japanese partner (should be Toyota) could not do it and that the importer split the cost so they paid around $2000. It sounds expensive

  • How it ACTUALLY works (Score:3)

    by Kagetsuki ( 1620613 ) on Sunday August 20, 2017 @12:06AM (#55050859)

    I live in Japan and am super into cars.

    You usually get 2 to 4 keys with a new car, always 2 standard with fob/chip, often 1 backup key without fob/chip, and sometimes 1 "valet" key. When you get the keys you get a code tag that you use to order additional keys at any time - loose the tag and you can still order as long as you have an existing key, but you need to send the key in to have the tag info cross referenced. So basically as long as you don't loose the tag and *all* of the fob/chip keys you're totally fine.

    And the whole issue was due to the immobilizer, which was DOING EXACTLY WHAT IT WAS SUPPOSED TO BE DOING. The idea is it makes it very difficult to hot-wire a car, and even if someone does somehow (with a trailer?) steal your car they won't be able to actually use it or sell it without putting in a huge amount of effort.

    So what do you do if you loose all your keys and tag? You bring it to the dealer or an authorized/licensed mechanic who deals with that brand and have the immobilizer unit replaced. I just looked it up, and the cost for that on a newer Estima looks to be about $900USD.

    The dealer/importer should have been able to figure this out much easier but I'm guessing they're just one of those places that grabs cache stock from auto auctions and kludges the paperwork.

  • If you happen to have an upper-level car (in my case Model S), you can run an app on your tablet or smartphone that links to your car and can be used in place of your car's key to open the doors, start the engine, and drive off. There is the downside that this fails if either your phone or the car cant make a cellular connection (or, usually, local WiFi).

    But no key required here.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close