

Attempted Theft of my RX450h 2020



7 minutes ago, A-Rod said:

I don't understand why people with expensive cars won't fit an immobiliser and a tracker? We used to fit these back in 90s on every single car [overseas] - we even had magnet immobilisers where you'd have to put a magnet in a specific place for the car to start.

It was done in the 80s and 90s because vehicles didn't have them fitted as standard and cars were easily being stolen. Most people don't want the inconvenience of a separate immobiliser, or the expense, but it may well be the case that insurance companies start insisting on additional security again.


That's not really the point though, is it?  If a car manufacturer has an inherent fault in regards to the security of their product, they should fix it.

If your bank left a vulnerability where if you downloaded and ran xyz software on your computer, allowing someone to bypass the login of your bank account, is it the customer's fault and responsibility to find another bank or is it for that bank to patch the vulnerability?  I see this example and Lexus's issue as the same principle.


8 hours ago, Sybaris said:

Sorry to hear about your RX.  It is very disappointing that such a design flaw exists IMHO, and that Lexus seem to me to be more worried about admitting liability than protecting their customers.  I guess that is how businesses work.  We are just income to them.

That’s the disappointment, Lexus UK attitude, they’re pretending that the problem doesn’t exist, even the response / email from them when I reported (not that I was expecting them to do anything) was carefully worded and did not mention the word Canbus, they just stated they are sorry and that the matter is for my insurance company to sort.


On 5/16/2023 at 7:47 PM, First_Lexus said:

Personally I’d go back to Honda having had a few, all of which were excellent. Lexus tempted me away, and I’ve been very happy with my NX and RX, but this specific issue and the seeming lack of urgency from Lexus is making me think twice about another one. 

I had Hondas for 26 yrs, the later stuff (2008-) wasn't that good, it's why I chose Lexus...


From reading these stories it's as though Lexus are the only ones with an issue, there must be hundreds if not thousands of Range Rovers nicked a week, plus Audis and BMWs, compared to Lexus. In our street with 58 houses there have been 4 Audis and 2 Ranges stolen... not to lighten the issue the OP had.



Someone I know had his BMW 4 Series stolen when he went to pay for fuel... reason was he locked the car and it was used by the thieves to open it and drive it away... with a full tank of fuel to boot.


Consumers Act 2015; this letter I wrote seems to have got Lexus a bit more focused on the issue. I've now had a kill switch fitted and pledge to fit the prototype armour.  They've not agreed to a CAN bus immobiliser.

 

The Consumer Rights Act 2015 gives me rights when I buy a product that it is fit for purpose, as described and in satisfactory quality. It has come to my attention through reliable media reports that my Lexus RX has an easily exploited security vulnerability due to a non-encrypted CAN bus network, which is easily accessed by hand prying open the bumper and wheel to expose a front headlight connector, overriding the immobilizer. My Lexus now has the unenviable boast of entering the top 10 most stolen cars in the UK, according to the Telegraph newspaper, with associated increased insurance costs and difficulties. The security evidently isn’t fit for purpose, as described or of a satisfactory quality.  I’ve discussed this with my local garage, and they mistakenly think this is my problem. I am temporarily using an additional steering wheel lock, and reducing use of my car, but this isn’t a proper resolution.

 

The way to resolve this issue would be to upgrade the CAN bus with encryption and protect the vulnerable access point. I’ve investigated myself and have had recommended to me by a specialist an additional CAN bus immobilizer (Approx £500 for a Ghost system). I would like you to cover the costs of this additional security or advise on what other measures you are planning to take and the timescales. If I don’t get a satisfactory response, I may install the additional immobilizer myself with a protection / armor for the entry point, and additional out of pocket costs related to theft insurance, and pursue the costs through a small claims court.


On 6/21/2023 at 9:19 PM, Fatts said:

Just to provide an update to members on this forum from the awful experience of having my beloved car stolen from my driveway. 

  • The Police only gave me a crime reference number and today, more than a month following the incident, no local bobby has thought it fit to drop by. Though I have received the customary text message "sorry to learn you have been a victim of Crime"
  • Thankfully my insurance company settled my claim in full within 10 days. (not sure if I am allowed to name them but they were brilliant)
  • I have been able to buy a new 23 plate BMW which I have fitted a Ghost 2 Immobiliser and a tracker. (Tessa Certified). My insurance company even kept my Policy open for 60 days after the settlement thus I was able to simply notify a change of registration number to get my new car insured
  • I have also had to install CCTV on my property to provide added deterrence. (more for my own reassurance rather than insurance requirement)
  • I have decided to give the Lexus brand a wide berth for the foreseeable future, sad to say after owning a GS450h, an NX, and five RX's between 2014-2023. My dealer from whom I have bought my last four RX's tried passionately to persuade me to buy the latest RX but I told him no amount of sweeteners / dealer contribution would tempt me to stay unless Lexus UK address the inherent vulnerability of their cars to CAN bus thefts. (They offered me a whopping £7k discount + dealer contribution on the new RX450h+ to keep my business but I still declined)
  • I have decided to keep my Forum membership going for now but will continue to read the posts that interest me, but am now registered on several BMW forums so would probably keep more active on those.
  • Finally I would like to thank all members of this forum who sent me their commiseration & best wishes last month when I reported the incident on the forum, thankfully my story had a happy ending thanks to my brilliant Insurance company.

It's unfortunate to see you go

Out of interest, did you know that the Ghost immobiliser does work with Lexus and does indeed protect against canbus thefts as well? 


@WipeOut

There is a link on here or another Lexus forum which takes you to a page which describes the attack in detail.

Basically CAN bus is a master-slave arrangement. The attack puts a voltage on the two wires, negative I think, which takes control away from the master. When the master tries to take control of the bus, the voltage is raised a little, but it's enough for the attacker to issue commands as a new master. The trick is, the slave does not know there is a second master as technically there cannot be one. The door computer is in the same bus. The attacker issues commands to unlock the door.

Once inside the car, they hook up to your OBD port and command a car start and possibly reprogram a key, I don't know that last part. But they do command the car to start.

Ghost had been shown to be ineffective because the attack does something that nobody expected, putting negative voltage on the wires. No can his Canbus immobiliser will work.

Get a strong steering wheel lock. Check reviews as some can be broken in 5 seconds. Stoplock Pro or the full wheel cover work.

One thing you might do is put a lock on your OBD port. That MIGHT help but I'm not sure. I'd need to look at that attack webpage again to verify exactly how this attack is performed.


Android auto correct at it again!

Not fixing it, I'm sure you can work out the correct words.

I bought the Stoplock Pro and so did a few others on here.

You get used to it quickly.

I've also turned off the auto magic unlock and now have to press buttons to open my car and put the fob on the start button and press start to start the car. You get used to that too.

Nobody knows the price of the Lexus steel plate fix yet. Until then, do what you can.

I looked into a remote immobiliser which interrupts the fuel line. But it's expensive and I think it would be too much of a pain in the bum to do each time I want to start the car. Plus a visible deterrent like the Stoplock dissuades them rather than have them damage the car and find they cannot start it.

The other car models that are not affected are because the door computer is not on a bus they can easily get to. This attack works on other brands and not just Lexus. They just need easy access to a Canbus cable.

Only a few car models have encrypted Canbus modules. You can expect all future cars will be like this, eventually. The roll out will be just as slow as the crappy entertainment systems upgrades which have followed Tesla, by about 10 years. Carplay and android auto, yeah it will take some significant time.



I know PFK Electronics in South Africa (Autowatch to us) has got hold of a CAN invader device to study & backward engineer.

The OBD port isn't used for a CAN invader theft, it's all done via the headlamp wiring.

No key programming takes place for a CAN invader theft.

A circuit cut on the start / stop button on a Toyota / Lexus hybrid with an aftermarket immobiliser won't work for CAN invader or OBD port theft methods as the theft devices bypass that button.

 


I thought so. It's been a while since I read the technical breakdown of the theft. The details escape me but I do remember that the popular CAN bus immobilisers wouldn't work, I'm sure Ghost was mentioned.

From what I see, a steel pipe or plate to prevent access to the cable is the only sure way. But also, the stoplock to add a deterrent. It's a sad conclusion.


Thanks for all the comments.
 

I am no expert but the auto electrician who came around seemed very knowledgeable about the CAN Bus attack. I’ve got an isolator / kill switch fitted on the Smart Entry system.  It’s not perfect but with Stop Lock Pro it’s one more level of defence. 


On 6/25/2023 at 9:18 AM, DaveyBoy said:

@WipeOut

Ghost had been shown to be ineffective because the attack does something that nobody expected, putting negative voltage on the wires. No can his Canbus immobiliser will work.

How did you know Ghost 2 was ineffective!! Yet I have not read of or found anyone who installed Ghost 2 and had his car stolen, unless it was towed.

Would you please share information about bypassing Ghost 2 so people don’t waste money on it?

 


Ok look, a post from 2016, similarities?  You be the judge of that.  Has Lexus known about this since then?  I can't say anything other than draw your own conclusion.

 


I suspect more likely a key relay theft, although the Can bus vulnerability has been present from Day 1 it appears only to have become an issue in the past year or so.


2 hours ago, Sybaris said:

How do you put negative voltage on to something?  Either there is a voltage or there is no voltage.  I've not heard of minus voltages.

The POTS (Plain Old Telephone System) run by the GPO/Post Office Telecommunications/British Telecom/BT/Openreach for many decades has always been run by sending out -48V from the exchange batteries.

Mind you, now that the old POTS is being retired from service, the copper cables are being recovered, and the whole system moves over from circuit switching to packet switching on fibre, most of the exchange buildings (and their battery rooms) are being sold off and no more -48V.


Consumer Rights Act?
 

Goods must be of reasonable quality …..can’t really argue there.

And last a reasonable amount of time….could argue here that a 2 year old car stolen off your driveway did not last a reasonable amount of time.

 
