Quote:
Originally Posted by scanny
I read on the Internet that it's very easy to program a new blank key for any push-button start vehicle by connecting some sort of device to the OBD2 port; it takes a couple of minutes. And there you go, your truck is stolen. So I wonder if somebody has figured out how to lock the OBD port. A locked OBD port looks like a reasonable and non-intrusive theft prevention measure, but I couldn't find any port locking device for 4Runners.
Yes, you can use a scantool and software to program a new Smart Key, but to do so you need an already registered key to start and complete the process. If you lack a registered key, then you're doing what's called an Immobilizer Reset or "Re-Seed," which requires you to pull and send a code to Toyota to receive a seed code to reset the Smart Key/Smart Access module. To do that you have to make an Immobilizer/Smart Key Reset Request that will have the code that you pull from the Smart Key/Smart Access Module, the technician's information, and the customer's information (vehicle VIN, owner's name, and some other minor information; we're also supposed to "confirm that we have proof of vehicle ownership via registration, driver's license and/or other documentation at the time of the request," so *IF* Toyota wanted to be a pain they could request, I guess, copies of those documents). After you've made the request, it still doesn't go to Toyota yet; it needs to be approved by the shop foreman, parts manager, service manager, and/or any significantly high-up member of the management team. After the request is approved, it is kicked back to the technician, who can then submit the request to Toyota, who will process it and kick out a seed code. That seed code is only good for 10 minutes (if you don't use it in time or try to use it too many times without success, the process starts all over again; put in too many requests within a short time frame and it supposedly gets flagged by Toyota and then it becomes a whole thing). Now you need to input that code into the Smart Key/Smart Access Module via the scantool and wait about 15-16 minutes for the vehicle to "reset"; this requires that the door stay open and the vehicle has sufficient stable voltage (Toyota wants a stable voltage above 13V, so basically a battery tender or jumper pack; if it drops below about 11.5V or so it can cause big issues like bricking one or more modules). Once that's done, the key fob you have with you (be it the original or a new one) can be programmed to the vehicle; after that the process is the same as if you had an existing registered key fob all along.
I highly doubt that thieves are even attempting to do that process on vehicles; it's too much trouble and there are too many places in the process where they could get flagged/noticed on the software side of things, let alone by someone walking by. "Hacking" the vehicle via the OBD-II port is possible, but the way smart keys are coded they use a rolling code similar to most 2-factor authentication devices used by... well, most everyone these days. This requires that the host device (the 4Runner) and the transmitting device (the smart key) are paired together; there is no static "password," it's a constantly changing set of identifying code that only the immobilizer can read, and only with the super secret decoder ring that was created when the key was paired to the vehicle. That being said, it isn't hack-proof, but it's difficult to brute force your way in or duplicate the code (I am sort of simplifying a lot, as I am not a software engineer and my knowledge about this is from Toyota's documentation and my experience with minor IT work and computers). Hell, maybe the ECM is super easy to get to on a Dodge (I mean, some of our ECUs are behind the glovebox) and they have some modified ECU that they can quickly plug in that tricks the car; I am not sure how you'd do the software side of things for that. But the immobilizer module is usually what tells the ECU that it's okay to start and run the vehicle after it verifies the key code of a registered key, so I suppose if you had a way to just modify the logic of an ECU so that it thinks it's all good and ignores the immobilizer, you could make that work (I know a couple of older Toyota ECUs came in "learning" mode and you just needed to force a handshake with a paperclip/jumper wire in the OBDII port and a key in the ignition to get it to learn 1 new key and get going).
~
Looking at the news link you posted, both vehicles were Chrysler products. Chrysler was the first vehicle brand that started the whole "you can hack my car" thing. Their system hierarchy is garbage, guys were using the OBD-II port to talk to the infotainment system which for whatever stupid reason had ridiculous permissions and allowances to talk to and command other modules in the vehicle. So much so that one team of engineers figured out how to use their laptop to not only bypass the security on a Jeep Cherokee but also basically make it drive itself. It would not surprise me if Chrysler never really bothered to adjust their programming in these vehicles and/or they never really fixed the security holes in their vehicles. I'm not entirely sure what the thieves are using to bypass the security features of the vehicle, but I imagine that it's taking advantage of some stupid thing Chrysler did (this is the same company that went bankrupt like two or three times, sold off by the US government, is now owned by Fiat, and even then they're still struggling).
As for how they could do it in a Toyota? Well, I have heard of one way to do it where once the thieves have found a target vehicle or vehicles (usually one specific brand, as they'll have a device they bought off the dark net that's programmed for that brand) they'll "case" that area for a bit with an antenna filtering for the vehicle's smart key transmissions. Once they've collected enough code callouts they can input them into the device they have and it'll crunch the numbers to duplicate the super secret decoder ring, and then they just use that to tell the vehicle that they are a registered owner and off they go. I am sure there are plenty of other methods out there. Toyota supposedly has been adding dedicated firewall modules into their gateway ECUs since the release of the 4th gen Prius; they kinda made a bit of a flourish about it back then and mentioned a couple of times that they planned to include security features that would prevent easy hacking via the OBD-II port. Honestly, now that you've mentioned this type of stuff again, maybe I should see if they've actually been doing what they said they would do?
~
As for "locking" the OBD-II port, there's not much you can really do... Sure, you could build some sort of physical lock-out device, but then you need to give the key to the mechanic every time you get the vehicle serviced for anything that might need it. Not to mention that you could just wiretap the communication lines and still talk on the vehicle's internal network (some aftermarket alarms require you to do this for their "smart features," and man does it cause issues sometimes...); so now you'd have to armor the OBD-II wiring too, I guess? Plus, if they have already gotten into your vehicle and have access to your OBD-II port, then you're kind of already in a worst-case scenario, and they probably have a back-up plan if they couldn't get to the OBD-II port (assuming that's how they were attempting to steal your vehicle).
Even then, most of the really skilled/professional thieves just show up with a flatbed and act like they are repossessing your vehicle, the majority of people won't even bat an eye at them and by the time the vehicle is reported stolen and you've activated LoJack or something similar the car is either in a shielded shipping container or already on a boat out to sea to be dismantled. At the end of the day it's like having a ridiculously pick-proof lock on the door to your house, sure it'll keep most thieves out and would require either a very skilled lockpick or the Lockpicking Lawyer to open quickly. But most thieves will just break a window or some other weak section of the home to get in. Where there's a will there's a way.
Post Note-
The "old school" keys were even easier to bypass, supposedly, because they don't have a rolling code like the smart keys do. Thieves would just duplicate the wireless signal from your keyless entry to unlock the vehicle and then brute force their way past the immobilizer, because the key code was a static encryption key that didn't change every time it was requested. Apparently some even had antennas powerful enough to pick up the faint RFID signal from your pocket or when you stuck it into the ignition. So it's basically the same situation there.
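The post contrasts a static key code (post note) with a paired, per-start changing code (the "rolling code" / "decoder ring" description above). The following is an added illustration, not code from the post or from any Toyota system: a simplified challenge-response immobilizer using an HMAC under a constructed pairing secret, placed beside a static-code check. It shows the defensive property the post is getting at: a previously observed response is worthless against a fresh challenge, while a static code validates every time it is presented.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed pairing secret standing in for whatever is established when a fob
# is registered to the vehicle. Not a real Toyota value.
PAIRING_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")


def fob_respond(pairing_secret: bytes, challenge: bytes) -> bytes:
    """What a registered fob computes: truncated HMAC-SHA256 over the challenge."""
    return hmac.new(pairing_secret, challenge, hashlib.sha256).digest()[:8]


class StaticCodeImmobilizer:
    """Post-note style: the transponder always presents the same key code."""

    def __init__(self, key_code: bytes) -> None:
        self._key_code = key_code

    def authorize(self, presented: bytes) -> bool:
        return hmac.compare_digest(self._key_code, presented)


class ChallengeResponseImmobilizer:
    """Rolling style: fresh random challenge per start, answered under the
    pairing secret. Each challenge is consumed after one authorize() call."""

    def __init__(self, pairing_secret: bytes) -> None:
        self._secret = pairing_secret
        self._pending: Optional[bytes] = None

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(8)
        return self._pending

    def authorize(self, response: bytes) -> bool:
        if self._pending is None:
            return False  # no outstanding challenge, nothing to compare against
        expected = fob_respond(self._secret, self._pending)
        self._pending = None  # single use, matched or not
        return hmac.compare_digest(expected, response)


def static_accepts_reused_code() -> bool:
    imm = StaticCodeImmobilizer(PAIRING_SECRET)
    observed = PAIRING_SECRET  # identical bytes every start
    return imm.authorize(observed) and imm.authorize(observed)


def challenge_response_rejects_reused_response() -> bool:
    imm = ChallengeResponseImmobilizer(PAIRING_SECRET)
    first = fob_respond(PAIRING_SECRET, imm.challenge())
    fresh_ok = imm.authorize(first)
    imm.challenge()  # next start: new challenge, old response no longer valid
    return fresh_ok and not imm.authorize(first)
```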