A benevolent hacker has helped a family regain access to their car after they misplaced its corresponding one-of-a-kind key.
In June 2016, John and Maria Higgins took their two children to Victoria in Canada for a family wedding. They then all went out to eat after the special day. If you have children, you know how easily something as simple as going for dinner can turn into an “event.”
Well, one thing led to another, and the family misplaced their keys for their Toyota Estima family wagon at some point in the evening. These weren’t just any car keys, however. As John explained on Facebook at the time:
“What was picked up is the only three-button RFID transmitter key in existence on this continent for our van. This vehicle is a Japanese import with a sophisticated immobilizer, and the key has a chip in it that can’t be duplicated by North American Toyota dealers. I bought the vehicle a month ago from a dealer on the mainland who led me to believe they would be receiving another key for it from Japan in the few weeks following our purchase. This was not the case; as the manager just informed me, most cars sold by auction in Japan come with only one key and they haven’t gotten anything else from the auction since.”
John and Maria tried to get a copy of the key from the local key cutter, but alas, they didn’t have it in stock. They also tried reaching out to Toyota, but the manufacturer’s branches in the United States, Canada, and Tokyo couldn’t offer a replacement. So they slapped a $500 reward on their lost keys, shared their story on Facebook, and waited.
Two months passed. No one turned in the keys. But a hacker reached out to the Higgins and said they could help the family.
According to International Business Times, the Higgins had the car towed to a mechanic. With the family’s permission, the hacker accessed the car’s on-board immobilizer computer, found the chip that stored the key codes, and reprogrammed the chip to accept new codes.
In total, the family paid $5,000 for the return of their car.
“[A replacement key] is sitting on a shelf in a warehouse in Japan somewhere, and it’s not that they couldn’t send it – it’s that they won’t. I understand that if they helped every person out there who lost a key to a minivan, they would do nothing else, but to string us along for seven weeks saying [maybe] is tough. It would have been nice to know [they wouldn’t help] seven weeks ago.”
Given the types of digital security threats that plague smart cars these days, it’s important for manufacturers to be upfront with their customers. That might include saying they can’t help stranded families in certain situations. Then again, sending a replacement key shouldn’t be that much of an issue, especially in an industry where customer loyalty carries some significance.
Hopefully, Tokyo will publicly acknowledge the Higgins’ story at some point and provide their side of what happened.
For further discussion on this story, make sure to listen to this episode of the “Smashing Security” podcast:
Smashing Security #038: 'Gents! Stop airdropping your pics!'
Listen on Apple Podcasts | Spotify | Google Podcasts | Pocket Casts | Other... | RSS
More episodes...
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
Nice story. I think several references to "Tokyo" in the article should read as "Toyota"