Subaru Ascent Forum banner
1 - 20 of 137 Posts

·
Registered
Joined
·
31 Posts
Discussion Starter · #1 · (Edited by Moderator)
OK - Am in middle of this, so please spare any judgement (I'm already judging myself!)

We're on a trip and lost both key fobs to our 2019 Ascent in a river float. No chance to recover them. Nearest dealer is working with me and claims that only way to replace (since both keys lost) is to remove some module(s) from vehicle, send them away to be programmed, then reinstall them. That will be 2 weeks or more (and we are away from home).

Anyone else ever have to replace both key fobs? Just looking to see if above is accurate.

BTW - Roadside assistance was useless until I got the dealer to ride their back to send a tow truck to bring vehicle back to dealership. Unfortunately the vehicle is also in spot with NO cell service so we can't even unlock with the app.

1624905431520.png
 

·
Registered
2020 Ascent Touring
Joined
·
972 Posts
Did you record the key code from the metal tag that was attached to the keys when you bought the car? Did you put the tag somewhere someone can get to it? If not, call your selling dealer to find it they recorded the code. Pretty sure the key can be duplicated from the code.

Good luck.

I keep my key code stored in my password manager so it's accessible online.
 

·
Registered
Joined
·
31 Posts
Discussion Starter · #3 ·
Sounds like no...if we had one key they could do that, but with both keys lost I have 2 separate dealers telling me same thing. Have to pull the cluster & BIU both, then ship them to factory to be reprogrammed, along with new fobs. Those get shipped back to dealer and they reinstall & check everything.
 

·
Super Moderator
Joined
·
2,290 Posts
Ouch. Once it’s all finished would you be willing to share how much it cost? Maybe it’ll be reason to save someone else the same ordeal! I always thought they could reproduce one with that code, even without having another fob or key present.

I have so many questions how it happened but I won’t pry. Sorry to hear that it happened. Were you able to get back into the vehicle at least?
 

·
Administrator
Joined
·
10,457 Posts
Yes, sadly, that's correct information. At least one FOB must be available to program others, or the unit needs to go to the factory to be replaced, or reset and reprogrammed.
 

·
Registered
Joined
·
171 Posts
This is insane - and stupid.

While I did not check all manufacturers, the ones I did can pull the data from the manufacturer based on the VIN.

Am I missing something?
 

·
Administrator
Joined
·
10,457 Posts
Nothing stupid about it. More secure. Annoying when something goes wrong? Yes. But, I'd rather have one gatekeeper to that sort of thing.
 

·
Registered
Joined
·
171 Posts
I completely disagree - if Mercedes and BMW and a couple of other OEMs have a method that allows them to pull the data required from their systems, Subaru should be able to do so, as well.

I don't usually take a hard line on engineering issues, because there are many really good reasons one solution or another is chosen - but, in this case, this is insane and stupid.
 

·
Registered
Joined
·
3,527 Posts
Did you record the key code from the metal tag that was attached to the keys when you bought the car? Did you put the tag somewhere someone can get to it? If not, call your selling dealer to find it they recorded the code. Pretty sure the key can be duplicated from the code.

Good luck.

I keep my key code stored in my password manager so it's accessible online.
ditto on the password manager strategy (y) first thing I did once I learned what the tag was for.
 

·
Registered
Joined
·
31 Posts
Discussion Starter · #10 ·
I will follow up once it all settles out. Subaru Roadside Assistance did at least escalate and is actively working getting the car towed to dealer. Should be able to access car then as will have cell service to car at dealer.
 

·
Administrator
Joined
·
10,457 Posts
Alas, it's not more secure, and, tools to crack such methods with hacked databases are going to hit the black market soon enough, allowing anyone to steal a BMW or other brand that hasn't switched yet. I could do a proof of concept in a few days.

I'd bet good money that others will change their methods, as Subaru did, in the next few years when the crack tools hit.
 

·
Registered
Joined
·
171 Posts
Again, I disagree. Pulling the data from OEM system, using that data, going through the recode process via hardware interfaces is a hugely time and process intensive effort.

This - I will say again, is insane.
 

·
Administrator
Joined
·
10,457 Posts
Perhaps I have a different perspective, as, cybersecurity is a major part of my day job for the State of NY (and formerly, cybersecurity and programming in the insurance world), including being on a state committee that sets policy. I'm also the guy who identified and reported the bugs in Harman Kardon's Subaru systems based off work my colleagues did on VW's and Audi's HK implementations. And the guy who reported how easy it was to modify their firmware updates to inject anything anyone wanted (yeah, it's my fault that they all now come heavily encrypted). So, part of my job is watching what exploits are being developed, released, promised, etc. This will be a problem for manufacturers who still do the old school method of paring FOBs - that's not a guess or prediction - it's what's in the works. My hopes are that the methods and toolkits don't become available until the cars that still allow the old methods are no longer worth the effort to steal.

BUT... yep, agreed, still annoying.

Here's the part I always find interesting... we got the HK software bugs reported for the various platforms right at the cusp of the vulnerabilities being exploited by others. Had we not reported them, or HK not acted, I'd estimate another few months to half year after HK's final patches before we'd seen the stuff exploited in the wild.

These Subies, for keyed vehicles, used to be able to be reflashed with the codes and VIN.
12756
 

·
Registered
2021 Ascent Premium Blue Abyss
Joined
·
268 Posts
So this is a good time to remind people of the PIN entry, and being able to lock/unlock the car that way which disables the fobs (from what I've been reading) and allows them to be locked in the car (i'd still hide them somewhere). So sorry this happened to Scoobydude, really sucks the fun out of any trip when these things happen.
 

·
Registered
2021 Ascent Limited Black/Black
Joined
·
291 Posts
This is my first car with a fob, so all of this is good info to have tucked away in the back of my head. Never really even thought about it, but certainly on a trip especially it sounds even more devastating than I realized if you lose both. I always thought the little tag with the code would save the day if you lost both, thought that was specifically what it was for, to be a 3rd backup if both were lost. A different world than my old '95 Outback, that's for sure. Old Subarus like that are some of the easiest cars in the world to steal, and mine was stolen 3 times in the last year I owned it (the 3rd time was when they f*cked it up and I had to say goodbye to the old friend after 24 years). Love the additional security these modern fobs offer, but wow, losing them sounds 1000 times worse than losing your keys used to be in the old days.
 

·
Registered
Joined
·
3,527 Posts
Alas, it's not more secure, and, tools to crack such methods with hacked databases are going to hit the black market soon enough, allowing anyone to steal a BMW or other brand that hasn't switched yet. I could do a proof of concept in a few days.

I'd bet good money that others will change their methods, as Subaru did, in the next few years when the crack tools hit.
My password manager is dashlane which uses a master password that they do not store on their servers or even iny computer. I am not worried
about it. My master password is 18 characters long; so no guessing or algorithim is going to be successful.

 

·
Administrator
Joined
·
10,457 Posts
My password manager is dashlane which uses a master password that they do not store on their servers or even iny computer. I am not worried
about it. My master password is 18 characters long; so no guessing or algorithim is going to be successful.

Right, but I am referring to being able to make keys off of the VIN numbers.
 

·
Registered
Joined
·
171 Posts
No kidding.

And, the point is that Subaru has overthought this - and, made it DEVASTATING - when other OEMs have NOT done so.

This one sounds BAD on Subaru, to me.
 

·
Super Moderator
Joined
·
2,290 Posts
This is all good info! I won’t be taking any chances if I lose a fob; I’ll replace it ASAP before I have a chance to lose the 2nd one.

thanks for taking one for the team @ScoobyDude.

And tonight when I get hΩ I’ll be saving the tag in my trusty password manager, 1Password. I’m assuming now that tag is only there to assist replacing one fob?
 
1 - 20 of 137 Posts
Top