Friendly neighborhood hacker helps family regain access to locked car

One-of-a-kind key lost? Nothing that chip reprogramming can’t solve!

David bisson
David Bisson

Friendly neighborhood hacker helps family regain access to locked car

A benevolent hacker has helped a family regain access to their car after they misplaced its corresponding one-of-a-kind key.

In June 2016, John and Maria Higgins took their two children to Victoria in Canada for a family wedding. They then all went out to eat after the special day. If you have children, you know how easily something as simple as going for dinner can turn into an “event.”

2275cf805d24d9af4bd07ff4216c958a dining funny photos

Sign up to our free newsletter.
Security news, advice, and tips.

Well, one thing led to another, and the family misplaced their keys for their Toyota Estima family wagon at some point in the evening. These weren’t just any car keys, however. As John explained on Facebook at the time:

“What was picked up is the only three-button RFID transmitter key in existence on this continent for our van. This vehicle is a Japanese import with a sophisticated immobilizer, and the key has a chip in it that can’t be duplicated by North American Toyota dealers. I bought the vehicle a month ago from a dealer on the mainland who led me to believe they would be receiving another key for it from Japan in the few weeks following our purchase. This was not the case; as the manager just informed me, most cars sold by auction in Japan come with only one key and they haven’t gotten anything else from the auction since.”

John and Maria tried to get a copy of the key from the local key cutter, but alas, they didn’t have it in stock. They also tried reaching out to Toyota, but the manufacturer’s branches in the United States, Canada, and Tokyo couldn’t offer a replacement. So they slapped a $500 reward on their lost keys, shared their story on Facebook, and waited.

Two months passed. No one turned in the keys. But a hacker reached out to the Higgins and said they could help the family.

According to International Business Times, the Higgins had the car towed to a mechanic. With the family’s permission, the hacker accessed the car’s on-board immobilizer computer, found the chip that stored the key codes, and reprogrammed the chip to accept new codes.

In total, the family paid $5,000 for the return of their car.

Toyota EstimaJohn had “no hard feelings” for Velocity Motors, a car dealer in Burnaby which imported the car from Japan and graciously covered half the family’s total bill. The same cannot be said about Tokyo. As he told Times Colonist:

“[A replacement key] is sitting on a shelf in a warehouse in Japan somewhere, and it’s not that they couldn’t send it – it’s that they won’t. I understand that if they helped every person out there who lost a key to a minivan, they would do nothing else, but to string us along for seven weeks saying [maybe] is tough. It would have been nice to know [they wouldn’t help] seven weeks ago.”

Given the types of digital security threats that plague smart cars these days, it’s important for manufacturers to be upfront with their customers. That might include saying they can’t help stranded families in certain situations. Then again, sending a replacement key shouldn’t be that much of an issue, especially in an industry where customer loyalty carries some significance.

Hopefully, Tokyo will publicly acknowledge the Higgins’ story at some point and provide their side of what happened.

For further discussion on this story, make sure to listen to this episode of the “Smashing Security” podcast:

Smashing Security #038: 'Gents! Stop airdropping your pics!'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

One comment on “Friendly neighborhood hacker helps family regain access to locked car”

  1. Matt

    Nice story. I think several references to "Tokyo" in the article should read as "Toyota"

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.