Canbus theft scandal

[e-yes]

If at all there is a smoking gun, Lexus themselves charged me £1184.68 for insuring my ES this time whereas last time I was with a different insurer and the premium was about £400 and that insurer simply sent an email saying they are not going to insure my ES. Every other quote this time was around the same as Lexus so I decided to insure with them.

—E

[dutchie01]

could this be something?

 

[dutchie01]

and a bearlock blocking the transmission?

http://bear-lock.co.uk/

 

[katabrontes]

 A few good posts here.  Surely if there are 70K potentially affected Lexus owners the cost to each for a class action would be quite modest and should be well worth while.  Lexus would certainly want to settle rather than go to court over this.

I did think of changing my 2006 RX350 for a later 450 a couple of years ago but in the end decided the benefit (mostly a few quid off road tax and a bit saved on petrol) wasn't good value against the cost./  The 450 was very nice but so is mine and the benefits amounted to a better design of the door sills and camera in the wing mirrors.  Not much for £20K.

 

Having read the posts above I am glad I didn't and now plan to keep it until HMG crucifies me with road tax by which time I hope Lexus will have fixed the problem or maybe an EV might be a sensible option. About another 5-10 years I estimate.

[Linas.P]

On 1/16/2024 at 9:52 PM, Shahpor said:

This topic seems to be going around in circles with no new information being added.

Also, some members on here are getting rather militant in their posts...

For me, there is only one true course of action:  You have a choice of what car to own, so if this issue bothers you so much, choose to no longer be a Lexus owner.  A significant drop in sales - and perhaps a flood of used cars that aren't selling - is the only thing I can see actually making a difference.  Do you think JLR did what they are doing for owners' benefit?  No, they are looking after their own interests as the negativity the issue was causing no doubt was beginning to hurt their sales forecasts.

As for how much money you might lose trading in your car now, it depends on how much this issue affects you.  Peace of mind is worth paying the price...

I get what you saying, but also - Lexus response was absolutelly unacceptable. As far as I know they haven't even admitted there is any fault. So sort of - "ok we learned a lesson at your expense, we promise to be better in future". 

And to be fair I don't blame Lexus too much, I think this should be some government body to chip in, like diesel gate. I don't know - some sort of consumer protection agency i.e. car brand left an major vulnerability, as result cars lost value, so they either compensate for that, take cars back or they fix it. When buying new NX I am pretty sure it does not say in sales brochure that your car comes equipped with major flaw which means any teenager can connect to your CANBUS under the bumper and override it in seconds. 

I guess sadly it is sort of grey area - everyone understand this is not how it suppose to be, but there is no specific law to say what to do and what are the rights of the parties involved, so this perhaps should be deal with class-action lawsuit type of deal, but in UK we don't have such legal mechanism. 

Also, I guess Lexus defence could be - "it is not our fault that UK has absolutelly shocking criminal situation and abysmal police support, cars are fine unless somebody maliciously attacks them". And that would be very true - in UK car crime is basically decriminalised, car thief has more protections than motorists just driving on the road, the way laws a laid out car thieve looks like some sort of vulnerable group. 

In the end of the day, flawed security design on Lexus side and total ignorance from police side leads into situation we have now - where you can't have a nice car because it will get stolen. And that is not only Lexus, I am sure we all seen how Bentleys, Ferraris and McLarens are being car jacked in the middle of the day in the centre of London. And as far as I know they don't have CANBUS issue, point is - police allows for thieves to get away, owners have no way of defending themselves either (no guns allowed), so thieves are getting more and more brazen with their craft in such power vacuum. 

Ohhh... and finally insurer, they are there just to drain last ounce of blood... few cars got stolen, say £2million write-off for them... so now they going to jack the prices for 10s of thousands of owners, and make 100s of millions out of it. Just nice excuse for profiteering.  

[Newbie777]

Interesting but very unfortunate issue.

JLR prices have gone well below dealer purchase prices so where dealer bought it for £19k and sold for £24/£25k, now being sold for £14k.

This will apply to Lexus soon and other affected used cars.

The thefts will not stop soon. 3 minutes or less to steal a car worth £40k plus, must be a good deal for a thief with minimal equipment!

Lexis only want new sales and they know there is no canbus issue.

So the issue is what price will they pay for part ex.so If it a normal partex price?

But I have feeling the part ex price will be considerably lower, which means they HAVE accepted an issue with the thefts and security!

Lexus reputation is on the line, so I have a feeling they want to do the plates but keep it quiet and do it slowly so as not to distract sales

[eightk]

12 minutes ago, Newbie777 said:

Lexus reputation is on the line, so I have a feeling they want to do the plates but keep it quiet and do it slowly so as not to distract sales

They’re only doing the RX so their name will still be mud as far as LC, LS, UX, NX and ES owners are concerned. If they do nothing their name will also be mud with insurers. See JLR auction prices for how well that plan worked out.

The only way to solve it is to make a Lexus something thieves aren’t interested in, by fixing every afflicted car. Every single one. By recall. Not by owners chasing Lexus on an individual basis because Dave down the pub said they could get something done about it if they asked nicely.
The first post from new members here is “my cars gone, apparently I could have had some plates fitted to stop it”. That ain’t good enough.

Suggesting to owners they fit immobilisers and (now proven pointless) steering locks ain’t good enough either. 

[wewillnotbefobbedoff]

BRAVO

[GMB]

Doom and Gloom. Do you ever get the feeling that we ( as Lexus owners ) are about to become extinct? Canbus, Insurance, road tax ( for those of us that own proper cars ), Energy prices ( cold isn't it? ) no police, council tax, inflation,  I am getting bored now.......... But at least I had good news today. The Doctor told me that I had early onset dementia so I will have forgotten about it by tomorrow morning. Yippee!

[wewillnotbefobbedoff]

Going extinct maybe, but just as long as we are still alive and kicking, many of us intend to try to carry on enjoying it while we can.

Antibiotic resistance, Putin, AI taking over the world, 1% of the world's population owning 59% of it's wealth. Very little we can do about these, but by kicking up enough of a fuss over Lexus canbus theft we might get to save enough on insurance for a little holiday and get to leave our cars without the stress of wondering if they'll be there when we need them such a going to the hospital to treat our dementia even if it is someone else that has to drive us.

 

[GMB]

Wondering if what will be where? Sorry, what were we talking about?🫥😴

[Linas.P]

2 hours ago, eightk said:

They’re only doing the RX so their name will still be mud as far as LC, LS, UX, NX and ES owners are concerned. If they do nothing their name will also be mud with insurers. See JLR auction prices for how well that plan worked out.

The only way to solve it is to make a Lexus something thieves aren’t interested in, by fixing every afflicted car. Every single one. By recall. Not by owners chasing Lexus on an individual basis because Dave down the pub said they could get something done about it if they asked nicely.
The first post from new members here is “my cars gone, apparently I could have had some plates fitted to stop it”. That ain’t good enough.

Suggesting to owners they fit immobilisers and (now proven pointless) steering locks ain’t good enough either. 

Definitely recall, I said same thing elsewhere - right thing to do would be to recall every car, but it seems they are not biting that bullet yet. To fix issue properly I assume they need to replace ECU, reprogram it at very least, although I assume if it wasn't designed for encryption it is fundamental enough to warrant replacement. That is a lot of money.

Other thing which may happen (and has happened), they may do it for US and leave UK to suffer, UK just isn't their key market and honestly they don't care what happens here in grand scheme of things, they have showed it times and times again over the years.

The other problem - this is not considered safety issue so DVLA does not give a flying f... I still think this is consumer protection problem. This isn't individual car, or small number of affected cars... this is issue with ALL the cars for like 5 years period (actually it is broader than I thought, before Colin listed all affected cars, perhaps only saving grace - not all cars are attractive for thieves). 

On top of that - let's just face it, it didn't come from nowhere, Lexus already had security vulnerability with keyless entry, so they are not Tesla that is coming from nowhere and who didn't know what the "real life" looks like, they knew any vulnerability will be exploited by thieves, they not small company either (Toyota certainly isn't and this is system comes from Toyota, RAV4 is widely known to be one of the most affected cars due to easy access of wiring). So it is absolutelly inexcusable they that they have not considered every aspect of the system. Like engine start and immobilisers has to be isolated from the rest and it should be buried under panels etc. This isn't even new concept - if you tried accessing immobiliser even on old Lexus/ Toyota you would know that is 2 hours job with dash out and then you need to program them once done, which is another 30 minutes. It is just unthinkable that they left CANBUS totally open and you can just plug into it and do whatever you like. 

[LexusDisappoints]

I am speechless!  I have only just discovered this issue by chance.  I would be more than happy to join in action against Lexus.  I own a RX450.

[peniole]

How about we get Mr. Loophole to look into it. See his comments on the latest Guardian article:

https://www.theguardian.com/money/2024/feb/24/smart-keys-car-crime-thieves-hi-tech-arms-race

Motoring lawyer Nick Freeman said: “There is a strong legal argument to say these cars are insecure and not fit for purpose. The motoring industry has been negligent. It has failed to prioritise security and motorists are paying the price."

also see: https://www.theguardian.com/uk-news/2024/feb/24/revealed-car-industry-was-warned-keyless-vehicles-vulnerable-to-theft-a-decade-ago

[Linas.P]

2 hours ago, peniole said:

How about we get Mr. Loophole to look into it. See his comments on the latest Guardian article:

https://www.theguardian.com/money/2024/feb/24/smart-keys-car-crime-thieves-hi-tech-arms-race

Motoring lawyer Nick Freeman said: “There is a strong legal argument to say these cars are insecure and not fit for purpose. The motoring industry has been negligent. It has failed to prioritise security and motorists are paying the price."

also see: https://www.theguardian.com/uk-news/2024/feb/24/revealed-car-industry-was-warned-keyless-vehicles-vulnerable-to-theft-a-decade-ago

I think that it is much easier to know "what it is" than proving it in the court i.e. "strong legal argument" is not the same as "legal victory in court". Also in UK there are no such thing as "class action" so it is much harder to take manufacturers to the court on behalf of consumers. That is why in US Lexus and Toyota quite often have TSIBs and fixes cars for free, but refuse to carry out identical work in UK - they are just not afraid of liability in UK.

Another thing - keyless vulnerability is not the same as CANBUS attack. And it could be argued it is both worse and better at the same time. It is better, because CANBUS can actually be resolved in many ways securing the cars without losing any functionality e.g. by encrypting CANBUS network, or by simply running the cables in difficult to access places (like within frame rails), but it is worse because it will require physical changes to the cars affected. Keyless vulnerability on other hand cannot be fixed at all, because it is fundamental vulnerability of the technology, the only way to fix it is to disable keyless (which is often done), but then you lose the functionality itself - in short it is impossible to have keyless entry and not to have vulnerability. My personal solution would be to mitigate the keyless with aftermarket immobiliser (there are caveats to it thought), as for CANBUS - the only way I can see is to avoid affected cars until they are at least 5-8 years old.

I think the easiest way to approach this for legal resolution would be from consumer protection stand point, the argument should start from establishing the date of when vulnerability of CANBUS was first recognised by Lexus/Toyota internally. Then using that date we can look into Lexus/Toyota marketing and advertising specifically looking for any references to "anti-theft features, safety, security, piece of mind" etc. and then make a case that they were misselling (or a false advertisement) the vehicles knowing they were vulnerable, but marketing them as secure. That still leaves all the owners of cars before Lexus internally identified the issue in the dark and the ones who bought the cars after that still responsible for making their own individual cases. 

So in theory how that would look like - there should be a single case which takes advantage of facts and set precedent, probably goes all the way to Supreme Court. Then using this binding precedent others have to individually sue Lexus/Toyota and they likely to get easy settlement. Overtime, as individual cases would be much more expensive to administrate, Lexus/Toyota may decide that it would be cheaper to simply recall and fix all the affected cars and therefore close the legal exposure, but this is very long winded process and it will require someone to "take it for the team" i.e. sue Lexus/Toyota, pay all legal fees etc. But again - there has to be proven link between Lexus knowing vulnerability exists, but stating in writing on some material that car is "safe", this would be "long shot" legally speaking.

[LexusDisappoints]

Can someone please describe the ‘plate’ that is available to protect RXs.

[Linas.P]

9 minutes ago, LexusDisappoints said:

Can someone please describe the ‘plate’ that is available to protect RXs.

Depends on the car, but my understanding it is purpose designed metal cover that fits under the bumper where the CANBUS is exposed and most vulnerable. 

Seems like "sticking the plaster" solution, it would slow down thieves, but does not fully resolve the issue. It is much like putting yellow steering lock for the car with keyless vulnerability - yes it will delay thieves and that may prove enough for them to abandon the attempt, but I can't see it being sufficient to completely resolve it. 

Toyota seems to charge £70 to fit it, so they reckon 30 min job (assuming 1 hour is £140, which is about right for for Toyota, Lexus would be £195). So if it takes 30 min to fit nicely, I can't see it taking longer than 5 min for thieves to remove it.

Now to be fair - I personally have not seen how it looks like and how it is fitted, so take this as educated guess at best. We could also call it "cat an mouse game" - thieves found 1 vulnerability, Toyota patched that part, thieves will find another vulnerability eventually... and because "plate" does not fundamentally resolve the issue, I am sure there will be other ways to attack the cars. 

[Spock66]

1 hour ago, LexusDisappoints said:

Can someone please describe the ‘plate’ that is available to protect RXs.

Contact Lexus Customer Relations to have it fitted - cr@lexus.co.uk

[DavidCM]

On 1/18/2024 at 9:50 PM, Linas.P said:

 To fix issue properly I assume they need to replace ECU, reprogram it at very least, although I assume if it wasn't designed for encryption it is 

Seeing Lexus' IT expertise on less important things like the Link App,can you imagine the balls up they could make on a project like this,......

[talaipwros]

3 hours ago, Spock66 said:

Contact Lexus Customer Relations to have it fitted - cr@lexus.co.uk

Having mine fitted on Monday,  they said 1 hour's work.

[fezman]

Apparently Lexus fund an hours labour, it took about 90mins for mine

[LexusDisappoints]

Car (1st reg. 06/20) is to be serviced this week.  I have raised the issue with the dealer and sent an email to Lexus Customer Relations as recommended.

[Hayzee]

On 2/26/2024 at 10:34 AM, LexusDisappoints said:

Can someone please describe the ‘plate’ that is available to protect RXs.

Here's a pic of the plate fitted to a RAV4 (from the RAV4 forum). The plate covers the canbus plug by the nearside front headlight so it can't be unlatched and pulled out stopping the thief's canbus attack electronics being plugged in. Thieves would pull out the wheel arch trims and front bumper to access the latch.

[LexusDisappoints]

Thank you to those who replied to my question about the 'protection' plate(s).

The plates have been installed by the Lexus dealer.   I also have a Stop Lock Pro Elite taking up space in my top of the range RX450h, no doubt offering opportunities for damage to the interior over time.  In essence, I have two sticking plasters that offer nothing, other than delay and minor inconvenience to would-be car thieves.

Lexus Customer Relations advise it has taken seven years for thieves to discover the opportunity to steal Generation 4 cars in seconds.  Apparently senior management are aware of the '... shocking impact on customers, insurance companies and Lexus'.  Clearly, customers will pay the price for the theft of their Lexus cars and the increase in insurance costs.  What impact the issue will have on sales of new Lexus vehicles and second-hand values will remain to be seen?  I anticipate this is the sole issue that will provoke any further action from Lexus/Toyota.

However, the Generation 5 RX is manufactured to a different global architecture so they will not be targeted in the same way.  So that's all right then ... .

[PDM]

5 hours ago, LexusDisappoints said:

Thank you to those who replied to my question about the 'protection' plate(s).

The plates have been installed by the Lexus dealer.   I also have a Stop Lock Pro Elite taking up space in my top of the range RX450h, no doubt offering opportunities for damage to the interior over time.  In essence, I have two sticking plasters that offer nothing, other than delay and minor inconvenience to would-be car thieves.

Lexus Customer Relations advise it has taken seven years for thieves to discover the opportunity to steal Generation 4 cars in seconds.  Apparently senior management are aware of the '... shocking impact on customers, insurance companies and Lexus'.  Clearly, customers will pay the price for the theft of their Lexus cars and the increase in insurance costs.  What impact the issue will have on sales of new Lexus vehicles and second-hand values will remain to be seen?  I anticipate this is the sole issue that will provoke any further action from Lexus/Toyota.

However, the Generation 5 RX is manufactured to a different global architecture so they will not be targeted in the same way.  So that's all right then ... .

 

As a fellow 4RX owner I feel your pain. You may have seen on another thread that one of the sticking plasters is unfortunately starting to peel off: there was a report of a vehicle with the plate fitted being stolen... I have already sent that info to customer relations.

If they want to be specific about the gen 4 RX, it has not taken 7 years. The vehicle was being delivered to the the UK in early 2016 I believe.  The first CAN theft I can find on the web is February 2021 in Japan. That's 5 years.

Second hand values have dropped significantly on 4 RX in the last 12 months unfortunately.

Paul