My 2020 TRD Pro 4runner stolen by organized crime for resale in Africa
 

My beloved 2020 TRD Pro 4runner was just stolen in the night by organized crime for resale in Africa. Crazy 48 hours.

I’m posting here as a warning for anyone in USA or Canada. Police have told me 4runners are now being targeted for theft and resold in other continents on sites like jiji.ng. Just go there and search for 4runner and be amazed. Some still with their US or Canada plates on them, VIN numbers showing and all. Often being sold for higher than new price. Even 2020 and 2019 model years.

UPDATE APRIL 12 2022: Unbelievably, police helped me locate it and I now have it back!

UPDATE APRIL 23 2022: ARG! The same thing happened, the car was stolen again :( ... Details HERE

I was able to see exactly what the thieves did to the car and I’m also posting to shed some light on their sneaky methods, but also hope to spark on some discussion on how they are doing it:

• 4runner was stolen using a “relay attack” right in front of my house overnight. They did not break the physical locks, nor did they have physical access to my keys. My keys were just in the mud room, so they boosted the signal to trick the car into letting them in and starting the engine.
• I live in an area with dense housing so this was a targeted attack. The knew the car belonged to which door address.
• A malicious Apple AirTag was discovered in the car, under the hood. Police presume this was done before the theft, when the car was spotted, then tagged, so that they could know where to steal.
• My wife has reason to believe a car-wash place was “in on it”. The week before, they had access to the car for 30 minutes without her being near the car, and they would have easily been able to find our home address, not to mention putting in the Apple AirTag. Also, she said they were acting very sketchy.
• Right after being stolen, a neighbor’s camera spotted the car in front of a school near my house for about 18 minutes (again, wee small hours of the morning). Apparently, this is when the keys would have been recoded to a new virgin FOB, as I’m told it takes roughly 15 minutes to reprogram new keys.
• In the trunk of the car, the thieves ripped open the ceiling and cut a bunch of wires that go to the rear roof short antenna. I will share pics, it’s a nasty hack job up there. I would love more info on this, but I believe it is all the antennas that connect the GPS and Toyota connected tracking services. Annoyingly, they also severed the washer fluid tube. Now I must fix this all. Ugh.
• After programming their new keys, the car was then driven to a PAID underground parking lot and parked overnight downtown. Presumably, this was done to let the vehicle “cool down” and ensure it isn’t found (presumably the Toyota trackers are not useful underground if the antenna is hacked like mine was).
• The next day I noticed the car was gone, but the police found it within about 5 hours! I am very grateful for that.
• Fun fact: Once parked, the thieves also removed the “short pin fuse” which is in the under-hood fuse box but is not actually a fuse. It is just a metal jumper that needs to be populated for things like keyless entry to work. It was to ensure no battery drain (or any signals get transmitted?).
• The thieves left the doors unlocked, since without the short pin installed, even their new FOB wouldn’t work. Remember: they did not get my physical keys.
• The thieves parked the car with the trunk against a concrete wall, so that the license plate (reported stolen) isn’t readily visible. Tricky, but the cops were savvy enough to know all this.
• If I didn't have a family, I would have probably waited out in the car for the next transfer from the parking lot to the container port. But I didn't have the guts to do that and my wife and kids definitely would not approve. Still...

So, there you have it… I was told by police that within 24 hours it would have been loaded onto a container, and then would eventually show up for sale in Africa. These are targeted attacks, they know exactly how to disable Toyota tracking methods very quickly, and frankly, it’s downright upsetting.

Have you disabled the Smart Key system since this happened? I've been meaning to test this on my new 4Runner.

I recall I did this once on a different Toyota car. I think I was able to disable *only* the proximity unlock and proximity push to start.

The older (and different) tech that allows the button-pressed lock/unlock function from the FOB still worked.

I could only start the car by holding the key right up against the push to start button. I believe this reads a RFID chip in the key FOB and that's why it must be held within an inch or two.

I don't know if the key continues to broadcast whatever it uses for the proximity functions but it shouldn't matter if the truck won't accept it, I would hope.

I'm not sure how to disable the smart key system altogether but I would love to know. I hate it when machines try to outsmart us... in this case, leading to Toyotas being one of the easiest cars in the whole world to steal.

I love rentals and my wife’s car for keyless but knowing this and how sophisticated thieves and hackers are becoming has me thankful for the good ol key turn ignition. Just wished manual was an option for millennial thieves….


Sent from my iPhone using Tapatalk

This isn't a targeted attack on 4Runners. This is how many cars are being stolen these days. I've had various Challengers and Chargers stolen from the dealer I managed. Hyundais and Kias are also common targets as they're very easy to bypass the security system.

Wow, that's a wild story. Glad you got it back though sorry they hacked it up. I went to that site and see one T4R with Texas plates and another with California plates. :mad:

One more reason why I'm glad I have a garage to park in.

This makes me want to remove the batteries from my key fobs now every night.

Just keep them in a faraday bag.

@lets_go_4running


Drama much?

Just 3 dumb questions for you........

1) If they used an apple airtag... why would they need to get access to your paperwork at the carwash to know your address?

2) What the difference between a "A malicious Apple AirTag" and a normal everyday Apple airtag?

3) If you had an alleged "malicious Apple AirTag" in your possession, why wasn't it given to law enforcement so they could track the owner/account it's tied to. (yes they can, and will)

Just bought this:

Amazon.com: Faraday Key Fob Protector Box, RFID Signal Blocking Box, Faraday Box Signal Blocking Shielding Box for Car Key (L) : Automotive

Did not want a bag. Box looks more decorative. Should receive it next week. I'll let you guys know if it works.

My 2022 fob has a battery saver feature. It turns off the fob, thus it can work as anti theft.

You hold down the lock button and press the unlock button twice. The red light flashes twice 2 times then you release the lock button. Fob is then off.

For example you cannot open doors by putting your hand in the handle. You have to turn the fob back on by pressing the unlock button.

I do this every time I leave the vehicle.

@nglayton

It has been a very rattling few days.

Police say the AirTag was so that they could follow the car around and know once it was home. The paperwork is a hypothesis, because our housing is so dense and we only have street parking, so thieves would need to either know exactly which door to do the relay attack on OR they would have to try the relay attack on every door (which is like 50 doors in a single 500ft block) OR they would literally have to stake the place out. But you're right, just an AirTag would have been enough if it was more a suburban area. I mention the car wash place because there are many reviews on google of this same place stealing things out of the car!

I called it malicious, Apple calls it Unwanted Tracking. Basically using the AirTag to track stuff that isn't yours.

I was there the moment law enforcement discovered the AirTag and yes, they seized it instantly as evidence! They would not give me any details or followups though.

I agree that this method is being used to steal many cars. But law enforcement specifically told me that 4runners thefts have visible increased in the past 3 months.

We will likely never see 4runner on the "top 10 stolen cars" lists simply because there are much fewer of them on the road compared to say a Honda Civic.

Do you not have iPhones? I put AirTags in our cars as cheap trackers. My wife got a notification within 10 minutes of driving that someone was tracking her via air tag and offered to show her how to disable it. Based on the location you stated, ours are also further away than your malicious one was

There are several other ways the track the cars than Air Pods and there would not be any notification. Plus, someone could just drive through neighborhoods to identify cars they want to steal later.

The bigger issue is that the software to program a new Smart Key to start the ignition is out in the wild like this.

It's also concerning Toyota (and others) have not found a way to prevent the relay and amplification of the signal to unlock the doors.