I read on the Internet that it's very easy to program new blank key for any push button start vehicle connecting some sort of device to OBD2 port - takes a couple of minutes. And here you go - your truck is stolen. So I wonder if somebody figure how to lock OBD port. Locked OBD port looks like a reasonable and non-intrusive theft prevention but I couldn't find any port locking device for 4Runners.

I wonder if you'd be better off with a killswitch style setup that would kill one of the pins on the port. You could even put the switch hella out of the way super inconvenient because you won't need to activate it that much.

That would be interesting too, but I expect it will be more work since OBD port is not in real convenient place to work with. Besides I'm not sure what pin would thieves use and switch can't be too far for the port and probably easily traced by wires. I know that there's a fuse for OBD port, but I think if you have powered OBD scanner you probably don't use vehicle power. Ideally I would like to find some sort of bracket or enclosure for OBD port with a lock. Preferable with easy installation : )

You mean like the doors on the 4runner?

I have to admit, this feels like a solution looking for a problem. Unless I'm mistaken, the instance of key programming to steal a car is extraordinarily rare and specific...

I can't really imagine a situation in which a thief is motivated enough to have this equipment and knowledge, and covertly break into an otherwise common 4runner, only to be thwarted by a locked cover over the OBDII port.

¯\_(ツ)_/¯

What is extremely rare now could be common thing in a year or two : ) As far as I understand 4Runners are quite desirable vehicle for car thieves and using key signal amplifier or programming keys are quite common nowadays. A solid locked box covering OBD port seems to be an easy theft prevention without any hassle or risk associated with cutting wires, installing kill switches, removing relays and so on. If a thief cannot get key signal or connect to ODB port the only other way to steal a car is a tow truck, but it's way more involved that just drive it away in 5 min : )

For PTS you need a working valid fob to program another, same with key start with the exception of the valet key.

If you have no fob or master key, it can take a couple hours to program replacements. The wait time is by design to prevent just this.

Maybe it wasn't key duplicating, just hacking car computer to start the engine.
Probably they use some modified software without wait time - I have no idea, I wish new 4runners have old fashioned keys. With those push buttons it looks like stealing cars become easier:
Thieves using high-tech to steal high-end vehicles across Miami-Dade | NewsRadio WFLA | Florida News

Yes you can use a scantool and software to program a new Smart Key, but to do so; you need an already registered key to start and complete the process. If you lack a registered key, then you're doing what's called an Immobilizer Reset or "Re-Seed" which requires you to pull and send a code to Toyota to receive a seed code to reset the Smart Key/Smart Access module. To do that you have to make an Immobilizer/Smart Key Reset Request, that will have the code that you pull from the Smart Key/Smart Access Module, the technician's information, and the customer's information (vehicle VIN, owner's name, and some other minor information; we're also supposed to "confirm that we have proof of vehicle ownership via registration, driver's license and/or other documentation at the time of the request" so *IF* Toyota wanted to be a pain they could request I guess copies of those documents); after you've made the request that request still doesn't go to Toyota yet, it needs to be approved by the shop foreman, parts manager, service manager, and/or any significantly high up member of the management team. After the request is approved, it is kicked back to the technician who can then submit the request to Toyota who will process it and kick out a seed code, that seed code is only good for 10 minutes (if you don't use it in time or try to use it too many times without success the process starts all over again, put too many requests within a short time frame and it gets flagged supposedly by Toyota and then it becomes a whole thing), now you need to input that code into the Smart Key/Smart Access Module via the scantool and wait about 15-16 minutes for the vehicle to "reset," this requires that the door stay open and the vehicle has sufficient stable voltage (Toyota wants a stable voltage above 13v, so basically a battery tender or jumper pack, if it drops below about 11.5v or so it can cause big issues like bricking one or more modules). Once that's done the key fob you have with you (be it the original or a new one) can be used to program to the vehicle, after that the process is the same as if you had an existing registered key fob all along.

I highly doubt that thieves are even attempting to do that process on vehicles, it's too much trouble and too many places in the process where they could get flagged/noticed on the software side of things let alone by someone walking by. "Hacking" the vehicle via the OBD-II port is possible, but the way smart keys are coded they use a rolling code similar to most 2-Factor authentication devices used by... well most everyone these days, this requires that hose device (the 4Runner) and the transmitting device (the smart key) are paired together, there is no static "password" it's a constantly changing set of identifying code that only the immobilizer can read and only with the super secret decoder ring that was created when the key was paired to the vehicle. That being said it isn't hack-proof, but it's difficult to brute force your way in or duplicate the code (I am sort of simplifying a lot as I am not a software engineer and my knowledge about this is from Toyota's documentation and my experience with minor IT work and computers). Hell, maybe the ECM is super easy to get to on a Dodge (I mean some of our ECUs are behind the glovebox) and they have some modified ECU that they can quickly plug in that tricks the car; I am not sure how you'd do the software side of things for that. But the immobilizer module is usually what tells the ECU that it's okay to start and run the vehicle after it verifies the key code of a registered key, so I supposed if you a way to just modify the logic of an ECU so that it thinks it's all good and ignore the immobilizer you could make that work (I know a couple older Toyota ECUs came in "learning" mode and you just needed to force a handshake with a paperclip/jumper wire in the OBDII port and a key in the ignition to get it to learn 1 new key and get going).

~

Looking at the news link you posted, both vehicles were Chrysler products. Chrysler was the first vehicle brand that started the whole "you can hack my car" thing. Their system hierarchy is garbage, guys were using the OBD-II port to talk to the infotainment system which for whatever stupid reason had ridiculous permissions and allowances to talk to and command other modules in the vehicle. So much so that one team of engineers figured out how to use their laptop to not only bypass the security on a Jeep Cherokee but also basically make it drive itself. It would not surprise me if Chrysler never really bothered to adjust their programming in these vehicles and/or they never really fixed the security holes in their vehicles. I'm not entirely sure what the thieves are using to bypass the security features of the vehicle, but I imagine that it's taking advantage of some stupid thing Chrysler did (this is the same company that went bankrupt like two or three times, sold off by the US government, is now owned by Fiat, and even then they're still struggling).

As for how they could do it in a Toyota? Well I have heard of one way to do it where once the thieves have found a target vehicle or vehicles (usually one specific brand as they'll have a device they bought off the dark net that's programmed for that brand) they'll "case" that area for a bit with an antennae filtering for the vehicle's smart key transmissions. Once they've collected enough code callouts they can input it into the device they have and it'll crunch the numbers to duplicate the super secret decoder ring and then they just use that to tell the vehicle that they are a registered owner and off they go. I am sure there are plenty of other methods out there, Toyota supposedly has been adding dedicated firewall modules into their gateway ECUs since the release of the 4th gen Prius; they kinda made a bit flourish about it back then and mentioned it a couple times they planned to include security features that would prevent easy hacking via the OBD-II port. Honestly, now that you've mentioned this type of stuff again, maybe I should see if they've actually been doing what they said they would do?

~

As for "Locking" the OBD-II port, there's not much you can really do... Sure you could build some sort of physical lock-out device; but then you need to give the key to the mechanic every time you get the vehicle serviced for anything that might need it. Not to mention that you could just wire tap the communication lines and still talk on the vehicle's internal network (some aftermarket alarms require you to do this for their "smart features" and man does it cause issues sometimes...); so now you'd have to armor the OBD-II wiring too I guess? Plus if they have already gotten into your vehicle and have access to your OBD-II port then you're kind of already in a worst case scenario and they probably have a back-up plan if they couldn't get to the OBD-II Port (assuming that's how they were attempting to steal your vehicle)
Even then, most of the really skilled/professional thieves just show up with a flatbed and act like they are repossessing your vehicle, the majority of people won't even bat an eye at them and by the time the vehicle is reported stolen and you've activated LoJack or something similar the car is either in a shielded shipping container or already on a boat out to sea to be dismantled. At the end of the day it's like having a ridiculously pick-proof lock on the door to your house, sure it'll keep most thieves out and would require either a very skilled lockpick or the Lockpicking Lawyer to open quickly. But most thieves will just break a window or some other weak section of the home to get in. Where there's a will there's a way.

Post Note-

The "old school" keys were even easier to bypass supposedly because they don't have a rolling code like the smart keys do. Thieves would just duplicate the wireless signal from your keyless entry to unlock the vehicle and then brute force their way past the immobilizer because the key code was a static encryption key that didn't change every time it was requested. Apparently some even had antennae powerful enough to pick up the faint RFID signal from your pocket or when you stuck it into the ignition. So it's basically the same situation there.

Thanks for taking time to explain this, I feel a little bit better now.
I was thinking about locking OBD port since it seems to be an easy thing to do. There are few OBD enclosures on the Internet, mostly in Europe, but I couldn't find something what fits 4Runner for sure. For 11 years of ownership of my old 2010 4Runner I used ODB port exactly 1 time for neutral switch, so I guess it's not a big deal to have it enclosed in steel locking box of some sort.
I came across lots of news articles about lots of Lexus and Toyota stolen, like this one - Police still frustrated by hundreds of high-end Toyota, Lexus thefts | CBC News . So rumors are that even if you have key deactivated, there are still ways to steal Toyotas without tow truck. I'm sure you're right and use of OBD port for that is a long process, although I afraid that if there access to onboard computer - it can be hacked to start vehicle without key. I'm not really like the idea that now my car key talks to the T4R all the time and I can start my truck via Toyota app. Setup the app is of course long process to set it up involving talking to Toyota, but if there a possibility to start engine via onboard computer without key - it might be hacked one day.

Got here by searching for OBD lock.

I am in Ontario Canada and car theft is crazy here.
On my street 2 people had their Toyotas (4runner and HL) stolen twice!!! within 2 years

you can google it, there are articles in CBC etc.

My Toyota sales guy said (if you can believe a sales guy) thieves tried to work around OBD lock on his LX for 2 hours (caught on video), but no luck.
OTOH, 4 new cars were stolen from the dealership log couple month ago.
Gives the name 'stealership' a new meaning, don't it? LOL

Anyone finds a source for ODB lock, post it here please.

BTW, I got 22 Trail edition for that reason precisely, no smart key.

Did you even read any of the post BlackWorksInc wrote? Because I feel you didnt.