Dealer installed immobilizer - snake oil?

When dealing with the finance manager, as usual I was offered a load of BS products at a crazy markup. You know, window etching and electronic rust module and the like. As this isn't my first rodeo, I turned it all down.

However, one product that seems interesting was complete immobilizer as a theft deterrent. They would not tell me the brand or how it is installed (hence I said no), but supposedly it is separate remote that shuts down all electronics. Anybody heard about such product? How does it work?

Also, what everyone here is doing about theft deterrent? I was thinking about installing hidden fuel pump shut off switch and storing keys in a shielded pouch. My neighbor had a brand new Tacoma stolen last year, so it is a concern I need to address as my garage is unfortunately taken up by other cars.

 

It's already got an immobilizer based on the key fob. It's also at least theoretically capable of being immobilized over the air, but I don't know if that's implemented in the app.

 

The dealer wanted to add LoJack for $995. I told them, NO!
I hide an Apple Airtag ($20 a piece ) in all my vehicles.

 

Get a Compustar remote start with alarm (T13) and you can start your car from the fob up to 3mi away and use the app anywhere. You will also be notified via fob/app if anyone tries to break into your 4R plus you can track location.

 

I thought about adding an air tag myself but thought if it were stolen I wouldn’t want it back.

 

Aftermarket stuff like this always has the potential of failing and shutting you out of your own vehicle. And if it does, murphy’s law dictates it will happen at the worst possible moment. Had an aftermarket security system professionally installed in a brand new honda accord. Good car, completely reliable for the 10 years we had it to that point. One day it was needed to get to a hospital…and guess what? Yup, would not start…alarm going off…etc. Had to disconnect the battery and get another car. I prefer to rely on insurance.

 

It does, but these no-touch keys are all kinds of insecure. You have relay attacks (they boost signal to make it appear that the key is next to the car), you have OBD cloning attacks where they just add a key they have as an authorized, because Toyota didn't secure that option. All of these security problems so I don't have to insert a key into ignition lock to start the car? I would rather do that.

To deal with a relay attack, I will use signal blocking pouch. Modern car keys have accelerometer and completely shut down when not moved for a few minutes, but I don't think Toyota caught up on that.

To deal with a key cloning attack I will need to put a mechanical plate onto OBD port.

I would rather not have to deal with an old school steering wheel club, but that what it may come down to while I figure out what to do.

 

I'm a big advocate of hiding an Air Tag in your vehicle (two if you can afford them) for theft protection. But make sure you remove the speaker from the Air Tags before you install them. Thieves have caught on to this. By removing the speaker from the Air Tag it won't beep when you click "find my air tag"; then the thief cannot remove it.

But you better remember when you hid them, because you'll have to go find it in about a year to change out the battery.

 

The Club is easily defeated with a battery angle grinder w/cut-off wheel in less than 10 seconds. My neighbor’s wife lost the keys to theirs and easy peasy……the key to the city.

 

Do it right and get a top of the line car alarm with remote start. Why allow someone to steal your car with an AirTag or a club that will only delay the robbery and wont notify you.

Let your car notify you of any tampering with a top tier alarm, than you can choose to let them steal it or beat them with a club. Security and countermeasures is my thing and nothing beats a good alarm that will notify you. Hell i even have cameras in my 4R and warning signs deterring people from tampering. lol

 

My 2019 Limited got dealer installed KARR security system. At the time of purchase I said no thanks. At the time of purchase the vehicle didn't start and they changed some chip or something and I was able to start the vehicle. I don't know when it will give me problems but very annoying to have these.

 

Not interested in aftermarket stuff like that.

I got an Compuster system installed on the Sorento because HyunKia’s anti-theft issue and it went off every storm until I turned the shock/glass break sensor off. The remote start was cool though.

And the remotes got unpaired and stopped working so I had to take it back to the shop, they said it had a chance of happening every time I changed or disconnected my car battery. The shop forgot to install components too the first time and if I wanted to change settings on it that’ll require paying the shop fee to get in the door.

And to top it off, if it had been stolen and totaled out it would be better financially for me rather than waiting months for parts and repair, and still paying the higher insurance while risking repeat break-ins.

Rather put the fob in a faraday cage type pouch for relay attacks or a hidden killswitch if you’re really concerned about that fancy CANBUS hacking thing.

 

I work in Information Security field, and unfortunately adding keys via OBD port is not that difficult. Here are high-level description of how it works.

Dealer has ability to add keys to your car with a dealer diagnostic tools. Unfortunately, these tools are software that can be copied and/or reverse engineered. Toyota (and other manufacturers) don't understand security, so they weakly authenticate dealer tools to the car and share authentication across region. They also don't have a way to revoke credentials once they are compromised. Unfortunately, some dealer out there lost control of their tool and it got copied along with credentials. Car thieves can now purchase a laptop that emulates dealer tools and add a blank key and all they need is access to ODB port. So unfortunately, due to hackers doing all the leg work to produce (and sell) tools, it is low-skill attack. Break into the car, plug a cable, and press enter.

This is unfixable, because securing this design would require a) unique credentials for each dealer b) regularly updating car firmware to disable compromised credentials.

What is possible is to physically block OBD port where a low-IQ and low-skill car thief would not be able to quickly steal the car. If they can't plug into OBD port they can't add keys with their tool.

---

There are many more sophisticated attacks, but defending against these is simply infeasible. My goal is to stop garden variety crooks, not Gone in 60 Seconds -like professionals. If some African Warlord wants my 4Runner Limited there is no feasible way for me to keep it.

 

Don’t get me wrong but I do too! I’m talking about that thing where thieves patch in through headlight or other easy-to-access wiring from the exterior. I’m not sure if the 4Runner is “supported” by the creator of the exploit and their pricey equipment but many Toyota’s are.

OBDII access requires outright busting in (but you did say that already) with more equipment necessary than stealing a Hyundai/Kia so we can at least take solace in that. And a non-standard killswitch will also buy time while they look for it. (but personally that’s not remotely in my threat profile)

And of course there’s always the crooked tow truck that bypasses everything!

 

Hijacking light control module CAN BUS connection to impersonate key authorization module sending all-clear to start the car is a technical attack. However, it is not novel, as Charlie Miller and Chris Valasek did exactly that with their Jeep attack in 2015. More so, real-time nature of CAN BUS makes message authentication difficult to implement AND any counter-measures have a high likelihood of violating Magnuson-Moss Warranty Act. That is, if you allow anyone but the dealer to swap your key module then you also allow for the possibility of car thieves to spoof said module. The likely, but incomplete, solution is to implement something like Audi with a gateway modules enforcing one-way communications. In practical terms, there is no reason why lights control module should be allowed to send out anything but codes related to lamp operation. Then it doesn't matter if you can tap into CAN BUS at that point, you won't be able to do anything other than what lights module module can.

Regarding 4Runner, I don't have first hand knowledge on CAN BUS attacks or tools available and unlikely to go looking. However, if I was asked to design such tool, I'd investigate Toyota Safety Sense sensor. It is likely it is possible to induce the car to both unlock and start by tapping there.

 

My 2022 4 runner was stolen from my driveway last week. Seems the thieves gained entry by breaking a window ( very quietly) and drove away within minutes. I would like toyota to be held accountable for not mitigating risk of theft of their vehicles and failing to install anti- theft devices. As a consumer I do not feel protected and am hesitant to replace my vehicle. Left with no answers, financial hardship and no accountability. A 2023 highlander was stolen within the same area on the same night. Research shows toyota's are easy targets, so disappointing, dream vehicle is gone, only 18000 km on it. Exploring a class action lawsuit against toyota.

 

I opted for this one, just waiting for delivery to install it.
https://41twentytwo.com/product/vehicle-kill-switch/

 

I have the Compustar with the long range 3 mile remote and also installed the alarm add on . I also opted for the drone device which I can see battery voltage, inside temp of vehicle, its gps location, with the drone app I can also start/lock/unlock it from anywhere Love it!

 

I’ve been in your position but you can’t blame Toyota for where you park your car.There are too many variables. It’s not Toyotas responsibility to ensure the safety of your vehicle. If you leave a suitcase full of money on the curb in the south Bronx and it’s gone when you come out would you sue the briefcase manufacturer? Thieves are hi tech now and there is virtually nothing you can do if they want it.

 

please let us know how the install goes

 

you can turn the fob off by pressing and holding the lock button then press and hold the unlock button until the light blinks twice, then release both. Thus no need for a pouch.

 

In this case, you absolutely can blame Toyota (and most other manufacturers) that removed ignition locks with a physical key that was difficult to duplicate and did not replace that with a secure alternative. Adding a wireless key to a car should not be this trivially easy. These cars are stolen a lot because a) they are desirable b) it is easy to add a new key.

 

How do you turn it back on?

 

Oh man good thing you didn't buy a Hyundai or Kia. They've made the customer-unfriendly, completely against industry convention decision to skip immobilizers paired with an easy-to-break steering column and ignition lock for years. Kids can steal them with screw drivers (or similar basic hand tools) in under a minute.

1. break window
2. snap open steering column
3. snap off ignition lock
4. turn exposed tab with USB cable (or pliers, fingers)
5. Movement That Inspires

If it's a common thing like these smart keys, I don't think it'll be as easy to blame Toyota when customers generally want their keyless start and it isn't abnormally vulnerable. I'm at least glad those attacks require technical know-how and equipment rather than a screwdriver and boredom.

 

Press any remote button will cancel that mode, You have to perform the key presses each time to shut off the proximity feature of the fob.

 

Toyota didn't force you, or anyone else here, to buy the vehicle they own. That equates to zero liability.

 

This argument maybe would make sense if they advertised these cars as easy to steal.

I think it is a fault with wireless key implementation, as one could design secure keys and/or improve supply chain security.

However, Toyota is not doing as good of a job with this problem as some other manufacturers. For example, Mercedes (and few other manufacturers) tightly controls who could buy a blank key and trace them when a car get stolen this way. They also permanently bind keys to a car, so there is no reuse possible. So it is difficult for car thieves to get enough blank keys to steal enough Mercedes to matter with this attack.

Toyota could be doing more.

 

Who did you sue in the 70’s and 80’s about easy to steal cars?

 

just press the unlock button. It’s in the manual. It was designed as a battery saver, but it defeats the theft aspect and need for a faraday pouch. I keep the 2nd fob off and turn off the other fob when I am parked at my resident. Heck you can do it anytime you are out of the vehicle doing errands, but likely not necessary.