DaveyBoy

Just spoke to Lexus and been told the hardware solution (not the plates, and whatever it is, could be a software update) is due sometime in May. They don't know details of what will be updated/changed, neither do Lexus UK (or whomever the dealership spoke to on their Lexus network). I've started a new job, so travelling down south just went from once a month to daily! Just hoping the roll-out is fast and is done as a recall so everyone gets done, and then the baddies won't be able to play pot luck with us, as all cars will be done.

Wow. Swapping out components. That'll cost. The existing canbus parts will be removed and new parts fitted. Could be a newly developed canbus bridge processor or a hybrid of the new platform components or anything really. This will have taken time to develop and put a distribution system in place. Probably piggy back of the new platform for key distribution, if encrypted units are being used. They talk of a countermeasure. So this could be anything really. Nice to be vague, best to keep it that way. I'll eat my words.......

Nice that 2 people were collared. It's the best outcome. The car might still end up scrapped. I watched a you tube channel where the gangs strip cars in a day. Engine, seats, interior the lot out and boxed up ready to ship. Amazing. It's because they don't need to worry too much about breaking things. They often cut cheap parts to get the expensive ones out. Typically BMW cars though. First I've heard of lexus being striped.

I think you might find that the enhanced plates are not at all enhanced. People without all the facts say some total bs. What probably happened is the original plates were prototype and the final plate design differed a bit. Lexus were experimenting at the beginning. We all knew the plates were a stop gap. I think I might look into adding some additional protection for the wiring loom. A firmware update will never happen. It's far too difficult and expensive to roll out because for every 100 successful flashes, one car will fail and the boxes will be dead. That will cost £££ to put right. A preliminary firmware fix as previously discussed by a security researcher would only be a stop gap also, because the thieves will eventually obtain a work around. Only fully encrypted units will work and our cars hardware do not have the processing chips to handle encryption. Therefore a permanent solution cannot exist ever. Get a scorpion or similar chip. Have a steering wheel lock. And hope for the best. The 4RX is a dead car. Trade in for a 5RX or another brand not affected by this exploit. No point demanding the impossible.

From what I understand, mark 5 is fully encrypted. But I cannot confirm.

So far, these attempts indicate that the plates are working. With enough failed attempts, they might just jog on and stick to range rovers.

As an example, there are videos on YouTube when gangs strip a car in a day. Engine, all interior - seats dash, the lot, basically leaving just a chassis. 1 day! I've seen high end BMW m series cars stripped for parts, boxes up, in just 1 day. They do it because they work in a very large teams of 10 people or more. They don't care if some things get broken, as they want the bits that are with money. A garage does stuff with 1 or 2 people in comparison, so they take a long time. Their goal isn't too break stuff.

Security is built up in layers, like an onion. Each layer adds time and complexity. These plates are another layer, come unprepared they work, know what to do and they add about 1 to 2 minutes. Steering locks are the same. Watch some videos on them and you'll see how quick many are to remove if you know what to do. The key is --- if you know what to do. Stop lock pro - cut steering wheel. 2 minutes and noise. Disc lock 10 minutes, I've no idea how they take that off. Ghost etc, can be removed in about 10 minutes, if you look in the typical installation locations and it is there. If it's somewhere else, it could take an hour. Ultimately, it can be removed. Hence all security can be defeated. It's all about giving you time and making each layer more of a challenge. These plates will work only until a method to defeat them is found. It's not just us who have the internet! Amy photos will have the internet buzzing with ideas and gangs will be asked to try each method until success is reported. Then it's game over again. I see these as a decent solution for 1 to 3 years only. How long they last, depends on you.

The plates will work unless you come equipped to deal with them. Hence, advising no pictures. The bad guys come at night and are generally in a hurry, not likely to take their own photos and come back after figuring out the jigsaw puzzle solution. this topic advise is to get lexus UK to fit them, contact them via customer relations. Then fit some kind of steering lock or canbus chip like ghost or scorpion etc. That is all we should do. Sorry Rayaans, this isn't a rant. But I hope you understand the general consensus on not posting pictures.

No pictures. As that would give an open forum all the information they would need for the bad people to work on a solution

Ah, so it appears the Phantom works to defeat the wheel arch CANBUS attack. Roughly, how much did this cost to fit? Their website says pricing is dependent on the fitter.

well? did you get the car with AVS? does it ride well/soft?

The gangs are well kitted and have all the tools to cut locks off. A steering wheel lock may only deter. As Len said, you car might be parked a few streets away while waiting for a tracker van to find the car. They'll collect it about 2 days later. So if you look, you might get lucky. Highly doubtful though. But I have read of one car being recovered this way. Local hot spot for car drops. They choose places with no cctv. And good access to a major road, in a residential area. They don't usually choose commercial estates.

Sorry to hear this Steve. I'm assuming you had no steering lock. Unfortunately, most cars are affected. Landover BMW etc. You'd need to do serious research to find protected models. I think most VW cars in the last few years are ok as they were one of the first to encrypt the can bus signals. For lexus, you'd need the new models for 2023. So probably UX, maybe the new RX. But not any old 2023 lexus will be safe. Also, ghost immobilizer has been reported to NOT offer canbus protection for this latest attack despite rumours that it does. Go and check Landover forums and YouTube. I've seen reports myself. As anything on the internet, he careful what you read. Doubt the truth in everything. Assume all cars are vulnerable until you find evidence of encrypted can bus.

@dazza1168 The 12v battery is least of your worry. If it goes flat its cheap to replace. It's the HV battery I'd worry about. Like Rayaans said, run the car every 2 to 4 weeks for 10 to 20 minutes until the engine trips off would help. But it's best to drive around the block. Good luck on your OOA.

I'm gutted for you. This is outrageous. I would suggest looking into vehicles using encrypted canbus units. I've just had my Lexus fitted with protection plates. They look like they go on both sides of the car. They will definitely stop thieves removing the plug from the headlights. Time will tell if this is successful. I think it will be. https://kentindell.github.io/2023/04/03/can-injection/ https://www.theregister.com/2023/04/06/can_injection_attack_car_theft/ this links to the link above too. I feel a right *ick putting a Stoplock on every time. But I've gotten into the habit now. Still, there are videos of them removing stoplocks in about 5 minutes with angle grinders. Sick of explaining to co-workers why I'm using a stoplock. Jurys still out whether Ghost et al will work against this exploit. The link to the research suggests in general, immobilizer chips don't work. The author has been asked directly in comments a couple of times and has not answered. Possibly because they don't know for sure / don't want to risk being sued. Trackers are not that useful because they have GPS & phone jammers. Lexus cars are shipped out of the UK in a matter of days, in shipping containers. So GPS doesn't work inside a metal box. That's often when they lose track of the car, as the container is then moved. Other brands are stripped in just 24h. There's a Youtube channel from a tracker firm which shows you just how fast the thieves work. Stripped to bare chassis, engine out the lot. They even box it all up ready to go. Anyone have any ideas on a suitable kill switch device?

welcome to the forum @therealrjp. Get a stop lock and worry less. The thieves are after easy pickings, so have a visible bright yellow deterrent and they'll steal next doors car instead! That's how house robberies go! They look for least resistance, no gates, no lights, no cameras, no alarms.

Lexus Lincoln didn't know about this a month ago, but do now! They had one of their own forecourt vehicles stolen using the CANBUS attack, exactly how I described to them a month ago! They managed to retrieve it from a container the same day, I think it was at Nottingham ready to be shipped. I think it was a HiLux, not sure I really remember the vehicle correctly. They said it caused about £1000 of damage. They were amazed how quickly it was taken. They've now taken the matter seriously and have pressed Lexus UK for the device I asked them for. Funny how it had to happen to them before they could give a toss.

I was wrong about putting the Canbus negative but instead it just drops the voltage very low. Or so it appears. You'll have to forgive as it's was a while ago I read the article. Anyway, link reapplied so read it yourself

@WipeOut From the link: This is the secondary purpose of the dominant-override mechanism: it is able to defeat CAN security hardware. For example, the silicon vendor NXP has product called the Stinger that is a CAN transceiver with security logic built-in that detects a spoof frame and destroys it with a CAN error.

@WipeOut please read the link provided by eighuk above. This was on page 4 is this thread. The text "When the CAN Injector actively enables its dominant-override then it effectively blocks other CAN devices from transmitting on the bus and forces its own spoof frames to be the only ones received" onwards leads you into some products that don't work. while ghost is not mentioned, it does state while products like it won't work. It's because they reject bad Canbus frames but this attack doesn't work like that at all. this attack basically takes over your Canbus, using your own Canbus master controller against the car! Very smart attack.

I thought so. It's been a while since I read the technical break down of the theft. The details escape me but I do remember that the popular can bus immobilisers wouldn't work, Im sure ghost was mentioned. From what I see, a steel pipe or plate to prevent access to the cable is the only sure way. But also, the stoplock to add a deterrent. It's a sad conclusion.

Android auto correct at it again! Not fixing it, I'm sure you can work out the correct words. I bought the stoplock pro and so did a few others on here. You get used to it quickly. One also turned off the auto magic unlock and now have to press buttons to open my car and put the fob on the start button and press start to start the car. You get used to that too. Nobody knows the price of the Lexus steel plate fix yet. Until then, do what you can. I looked into a remote immobiliser which interrupts the fuel line. But it's expensive and I think it would be to much of a pain in the bum to do each time I want to start the car. Plus a visible deterrent like the stop lock dissuades them rather than have them damage the car and find they cannot start it. The other car models that are not affected are because the door computer is not on a bus they can easily get to. This attack works on other brands and not just Lexus. They just need easy access to a Canbus cable. Only a few car models have encrypted Canbus modules. You can expect all future cars will be like this, eventually. The roll out will be just as slow as the crappy entertainment systems upgrades which have followed Tesla, by about 10 years. Carplay and android auto, yeah it will take some significant time.

@WipeOut There is a link on here or another Lexus forum which takes you to a page which describes the attack in detail. Basically can bus is a master slave arrangement. The attack, puts a voltage on the two wires, negative I think, which takes control array from the master. When the master tries to take control of the bus, the village is raised a little, but it's enough for the attacker to issue commands as a new master. The trick is, the slave does not know there is a second master as technically there cannot be one. The door computer is in the same bus. The attacker issues commands to unlock the door. Once inside the car, they hook up to your ODB port and commands a car start and possible reprogrammed a key, I don't know that last part. But they do commands the car to start. Ghost had been shown to be ineffective because the attack does something that nobody expected, putting negative voltage on the wires. No can his Canbus immobiliser will work. Get a strong steering wheel lock. Check reviews as done can be broken in 5 seconds. Stoplock pro or the full wheel cover work One thing you might do is put a lock on your ODB port. That MIGHT help but am not sure. Is need to look at that attack webpage again to verify exactly has this attack is performed.

@WipeOut Ghost immobiliser will not work against this can bus attack.