Looks like Smart Key is standard on the Base Model L (US) so there may be little you can do other than what has been tried.

 

I never use the remote to lock/unlock my Highlander from a distance. I just use the door handle touch sensor feature to lock and unlock. The key is always sending a signal but at very low power so it must be within a few feet of the car for this to work so unless someone is almost right next to you with a laptop I don't think they can intercept the signature.

 

The OP's concern really is a thing. The signal coming from the fob all the time must be stronger than you'd think... maybe the car is designed to react to it only within a small distance, or in other words, when the signal is strong enough. Evidently thieves can amplify the signal from the fob to increase the distance and steal a car parked outside. People who live in an area that's prone to this problem are experimenting with different ways to contain that signal from the key fob, such as the Faraday bags.

There is a way to turn the fob "off" that's described in the Owners Manual for saving the battery life.

But to address the OP's question, no, there is no way to permanently substitute the fob for a real key. You get a small version of a real key with the fob so you can unlock the driver's door if the remote battery is totally dead or the car's battery is totally dead. I don't think it's meant for everyday use. There's no place to put the key to start the engine. You need to have the fob to do that, although you can make it work if the fob's battery is low by holding it directly in front of the on/off button on the dash. So I guess that's something you could experiment with - take the battery out of the fob and see how annoying it is or isn't to use the tiny key and starting the car by putting the fob right up to the button. In contrast to that, I think something like a Faraday bag is easier than significantly compromising the features of the car.

 

If they want your vehicle, they will get it one way or the other, I guess making it as hard as possible is good thing. Maybe move Maine, not a big problem with car thieves here (Yet).

 

My guess is if you find out soon enough that the car was stolen, wouldn't Toyota be able to disable it for the cops or at least track it?

I believe if you push the SOS button, they tell the cops were you are?

 

Sure but the whole idea of my question is to prevent the steal.

 

This is from the OM - not a powerful signal when just sitting passive in your pocket

 

I drop my key fob in an empty vegetable can and it won't work when I try to open the door by touch the handle. I take it out of the can and the fob works perfectly. This might stop thief number 1 from outside the house getting enough signal to use a booster while the 2nd guy stands by the car.

 

Here's an article that seems to support my theory that you need to push a button on the key fob to be hacked

This Hacker's Tiny Device Unlocks Cars And Opens Garages

 

Here's an article that seems to support my theory that you need to push a button on the key fob to be hacked

Don't forget, our HL and many other Toyota and alike models have proximity sensor based on our key fobs emitting signals without pressing any button on the key fob. Further more, if your car door handle, by grabbing it that unlocks the driver's door (or all the doors depending setup), your key fob is then constantly emitting signal... For any of this type of key fob Not to emit any signal, pull its battery.

 

If there is a way, that way will be found and there is little you can do about it unless you take different options. If it was this easy to prevent your vehicle from being taken, everyone would do it.

 

Absolutely Agree!
Just for laughs, I do have one not so easy way for anyone to steal a car (not so easy for the owner either, I must say) that is to put the car on Jack stands... LOL

 

Mainly Toyota products: Police 'take down' 20 suspects in car theft ring

While the key fob repeater is one way they steal the cars, it seems like they are also breaking the door lock and reprogramming the car via the OBD-II port. Almost sounds like this is the preferred way to steal cars these days. If this is the case then the car's software need a major security upgrade. Regardless, I doubt that Toyota has done much to address this problem. Sad to say but parking in the garage or using a steeling wheel lock might be the best way. Security cameras and motion sensor lights might be a deterrent, but probably won't really stop someone who wants your car. I have to admit, this is a concern of mine as well, especially as these cars are very popular for thefts in the Ottawa area. People have had their new car stolen the night they bring the car home. Scary to think about it.

 

Mainly Toyota products: Police 'take down' 20 suspects in car theft ring

While the key fob repeater is one way they steal the cars, it seems like they are also breaking the door lock and reprogramming the car via the OBD-II port. Almost sounds like this is the preferred way to steal cars these days. If this is the case then the car's software need a major security upgrade. Regardless, I doubt that Toyota has done much to address this problem. Sad to say but parking in the garage or using a steeling wheel lock might be the best way. Security cameras and motion sensor lights might be a deterrent, but probably won't really stop someone who wants your car. I have to admit, this is a concern of mine as well, especially as these cars are very popular for thefts in the Ottawa area. People have had their new car stolen the night they bring the car home. Scary to think about it.

In a matter of speaking, software security is one of the few things you think of when it comes to vehicles but with how vehicles are nowadays they are computers. There have always been ECUs but nowadays you have ECUs and Computers working together.

 

As far as this topic is concerned, I am done with it. Obviously, there is no easy solution other than buying something else than a new Toyota that comes with its unsafe technology. Maybe I should stick to my old Venza for a few more years. It is still in a very good shape after 10 years of loyal services.

 

Most are vulnerable, yes.
It is important to some manufacturer's but not Toyota. I always though keyless entry and push button start were cool, but pointless.

I'd say give it some time, Toyota likely is doing something about it but at this early point of a generation don't expect anything significant.

 

Aren't all new cars coming with this keyfob thing, and therefore vulnerable? Or is there something very different about Toyota only that is making it easier?

 

you are right. GM for instance seems to use similar technology. This is what my brother-in-law bought to replace is Lexus. No more attempts to steal is car. Since his purchase, he sleeps like a baby every night. Of course the car that he has bought is not in high demand by the thieves like the HL is.

 

Most are vulnerable, yes.

Thatcham got good results from the Audi E-tron, Jaguar XE, Range Rover Evoque and Mercedes-Benz B-Class: cars with wireless fobs that resist the attacks by either using more secure wireless technology or by going to sleep when they haven’t been used for a set time.

It is important to some manufacturer's but not Toyota. I always though keyless entry and push button start were cool, but pointless.

 

Have good theft insurance and stop worrying about push button start. Having a car stolen isn't the end of the world. Dying or being severely injured in an accident is far more of a concern, given the number of traffic accidents.

 

Agreed! Personally, I rather my car gets stolen than being broken into, having to clean-up all the broken glasses will cause me more aggravation.

I was at a hotel recently, where the owner of a nice car, took ALL 4 rims off and brought them in the hotel room That's for way to be pretty safe - sure the car isn't going anywhere while you sleep.

Wow! That's a bit much for me; imagine at night if the hotel fire alarm goes off and seeing some guys rushing out with 4 wheels... LOL won't even have time to put them wheels back on then pull his car out and away from the firing building.

Have wheels or no wheels at all, truly gone in less than 60-seconds...

 

If you read the Wired link in post #16, you'll see that using that device, the thief doesn't need to be around, no need for laptop, can come back anytime and steal the car. A faraday bag won't do any good, since the signal is stolen when the owner USES the fob himself to lock the car. As noted in the article, the only indication is it takes a second press to lock the car, but most folks would just figure they didn't press fully, or missed the beep.
But a steering wheel lock is a pretty good solution. Not infallible, as these can be cut off with a reciprocating saw, or even the steering wheel can be cut through. But at least the steering wheel lock will foil the thieves who are just using the $30 code grabber, or the laptop booster device.
I'm using one of these:

Amazon.com: OKLEAD Universal 5 Coded Steering Wheel Lock Anti Theft Keyless Twin Hook Lock for SUV Car (Steering wheel's Inner Diameter 6"-15", Wheel Rim's Diameter Max. 1-3/4"): Automotive

Buy OKLEAD Universal 5 Coded Steering Wheel Lock Anti Theft Keyless Twin Hook Lock for SUV Car (Steering wheel's Inner Diameter 6"-15", Wheel Rim's Diameter Max. 1-3/4"): Wheel Locks - Amazon.com ✓ FREE DELIVERY possible on eligible purchases

www.amazon.com

Again, not foolproof, but a step in the right direction. The bright color and high mounting will discourage some, although this does nothing to prevent a window smash-and-grab. I like the fact that this lock has a combination, so no need to carry a separate key, or worry about losing one.
My alarm system was not equipped with a glass breakage sensor, but you can get the OEM add-on kit for about $200. Dealer installed it for about $250 (though some will want more). Gives a bit of protection from smash-and-grab depending on where the goodies are stored.

 

It is the chip makers that are at fault for not making the handshaking secure. We do it with credit cards, why not for cars?

Be sure to have replacement insurance added to you insurance policy. Costs like $10.

Doesn't Toyota know where your car is all the time anyway?

 

It is the chip makers that are at fault for not making the handshaking secure. We do it with credit cards, why not for cars?
.....

Well, not exactly. It is the fault of those who gained access and the use of RF receiver with decoder illegally. For ease of use to owners, this RF transmission is transmitted in a radius direction (so we don't have to know exactly where our cars are parked, only within range), so these "transmissions" can be fairly easily "intercepted". Yes, there is directional RF transmission, but then our key fobs won't be as miniture packaged as well as we will always have to know where our car is parked... As for our credit cards, they are a passive (don't transmit, but only respond to) device, therefore, for someone to steal our credit card information, their device has to be in very close proximity to our card (that's why there usually involves either a slight bump or brush-by of our purses/wallets/pockets/clothing... further more, most of the time we carry a small stack of cards together, so the attempt of stealing credit information is not always successful and can be garbled).

 

BTW you can put your fobs in a microwave oven. That IS an RF tight box. just don’t turn it on....lol

 

Age old problem. We have stuff, some people want to steal our stuff. Ultimately though, I still think Toyota can do a better job with security. For me if I do get a 2020 Highlander, I will probably park it in the garage at home. Just need to clear out all the kids' junk. If it's parked outside...steering wheel lock and I'll 3d print a custom Faraday box for the key fob. Although a locked OBD port seems to solve a lot of these security issues as well.

I'm sort of partial to MagnaVolt Lethal Response though.

"

 

...
I'm sort of partial to MagnaVolt Lethal Response though.

Love it! ?????
You might like this one too...

 

Who needs protection when you ARE protection.

Otherwise like I said before, as far as I know those Smart Key's are not exactly easily programmable as far as I know so whatever security they have is whatever they got. All you can really do is make it as hard as possible to prevent your vehicle from being taken and in the end, if someone wants it they will do anything and everything in their power to take it. Steering wheel lock, brake locks, pulling the EFI fuse's, adding a switch to a line, etc. Of course most of this just makes the convenience of a Smart Key useless... then again if I personally can get a vehicle without a Smart Key I rather not have one but that won't happen.

I like mechanical reliability in instances where "smart", "touch", or electronic technology is really just not needed. Why do I need a touch activated flash light instead of just a button switch? What makes it better? They both use the same batteries? Stuff like that is where I prefer mechanical reliability. That does not mean I don't like newer technology, it just means "why this?". But you know... more space for the user...

 

Yes, but, any encryption also requires decryption for the data to be received/communicated successfuly. To what extend, on an automobile, do we want security to be ...? As several members (myself included) already commented in the past, if the thieves want it they will find a way to get it, we as owners can at best make it more difficult so the thieves will hopefully move on to some where else.

 

Yes, but, any encryption also requires decryption for the data to be received/communicated successfuly.........

The chips used do this already, just insecurely. That insecurity is what the thieves exploit.

Security requires vigilance. The internet was never designed to be secure. Now we have to be ever vigilant to keep the bad guys away. Same goes for our car keys.

Good security has a cost. It is cheaper not to have real metal keys. Fobs evolved from car alarms. Now they need to kick up the security to make them real keys. I personally know of a $1 per car hardware solution that would eliminate this security loop hole. But it costs money to involve real security people to implement a secure solution.

Just like car makers are poor infotainment solution providers generally. Some seem to be poor security providers also.

They need no step up their game in the security arena.

 

so many ways they came up with. They will either phisically break the outside door lock with a screwdriver, enter vehicle, erase all keys and reprogram a new one of their own through the obd port.
Newer 2018 toyotas do have extra encription for reprogramming keys. We tried to get the locksmith to do it and as of 3 months ago he was not able to do it. It will be a matter of time till the aftermarket catches on though i am sure.
New software was released and could reprogram older Toyotas with an obd dongle through your smartphone for under $200.
Our locksmith is amazing that we deal with. He is able to do stuff with his acanner the dealer cannot do. Example is unlock certification ecus. We as techs do not have that option

Another way they do it with an antenna to pick up and amplify smart key signal and transfer to a laptop and someone else drives off. I have seen videos

Tbh the 2020 highlander should be much harder to steal now at least for a while

Want to protect your hl? Get a lock box for your obd port. Its best you can do
If they want it the will get it. Its why we have insurance....

We had a 14 Camry that 2 times they locked his certification ecu. Came in as no start. Forst time we put a computer thinking failure. Second time a week later we told him they may try to steal his car and failing the process and locking his ecu. Told him to park indoor. A month later he came in to buy a new car. Vehicle was gone.

Had a Highlander customer come in and complain a piece of the plastic handle over where the metal key goes in cylinder was missing. A closer inspection showed they drilled out his door lock cylinder. I told him since they never stole anything from inside they may habe tried to erase and reprogram keys. They did not want his sunglasses but his car. These are profesionals that know what they are doing not petty thiefs.

 

BogdanTo,

Can you recommend a quality OBD lock box.

Perhaps a reputable installer in the Toronto Area.

 

There are some good tips here like never lock or unlock your HiHi or Hi from a distance. Always walk up to it and open it.
When you store your keys indoors for the night put them in signal blocking material.

And most importantly never cancel your insurance. There are a lot people in Canada these days who get insurance when the get their vehicle to cancel it because they cannot afford it. If that's the case then you shouldn't be driving. Friends of the wife were recently in a fender bender, the driver who hit them was driving a newer BMW and didn't have insurance.

 

 

Does anyone have installed any Anti-Theft devices?

Found this one mostly used in Europe to lock the brake pedal:

Amazon.com: Bullock 146142 Universal Excellence Anti-Theft Defender: Automotive

Buy Bullock 146142 Universal Excellence Anti-Theft Defender: Locking Devices - Amazon.com ✓ FREE DELIVERY possible on eligible purchases

www.amazon.com

Does anyone have installed any kill-switch? (for example to disable start/stop button or disable OBDII port?)

 

Does anyone have installed any Anti-Theft devices?

Found this one mostly used in Europe to lock the brake pedal:

Amazon.com: Bullock 146142 Universal Excellence Anti-Theft Defender: Automotive

Buy Bullock 146142 Universal Excellence Anti-Theft Defender: Locking Devices - Amazon.com ✓ FREE DELIVERY possible on eligible purchases

www.amazon.com

Does anyone have installed any kill-switch? (for example to disable start/stop button or disable OBDII port?)

I'm not sure how that one works. I use this one in my 08 Camry. If you want to install a kill-switch, I recommend looking at an electrical wiring diagram.

Amazon.com: The Club CL303 Pedal to Steering Wheel Lock, Red: Automotive

Buy The Club CL303 Pedal to Steering Wheel Lock, Red: Locking Devices - Amazon.com ✓ FREE DELIVERY possible on eligible purchases

www.amazon.com

 

Perhaps we will soon be able to have one of these integrated into the vehicle Blade Runner 2049-style.

 

It’s not fun to watch your Highlander disappear from your driveway within matter of minutes! Toyota and Lexus needed to acknowledge the relay attack issue many years ago.

We all know “if they want it they will find a way to take it” duh 🙄 But why send thief invitations with subpar security technology? Who wants to put a club on the steering wheel or put a kill switch in the year 2020 just because mighty Toyota can’t patch a glaring security hole?

Sorry, my rants are over, but Toyota lost many loyal customers.

 

...mighty Toyota can’t patch a glaring security hole?...but Toyota lost many loyal customers.

Can you provide a link to this? Other than some anecdotal evidence and hearsay, there's nothing out there that definitively points to why Toyota's keyless entry systems are more vulnerable than other manufacturers. Would like to dispel any myths out there.