Consumers Act 2015; this letter I wrote seems to have got Lexus a bit more focused on the issue. I've now had an kill switch fitted and pledge to fit the prototype armour. They've not agreed to a CAN bus immobiliser.
The Consumer Rights Act 2015 gives me rights when I buy a product that it is fit for purpose, as described and in satisfactory quality. It has come to my attention through reliable media reports that my Lexus RX has an easily exploited security vulnerability due to a non-encrypted CAN bus network, which is easily accessed by hand prying open the bumper and wheel to expose a front headlight connector, overriding the immobilizer. My Lexus now has the unenviable boast of entering the top 10 most stolen cars in the UK, according to the Telegraph newspaper, with associated increased insurance costs and difficulties. The security evidently isn’t fit for purpose, as described or of a satisfactory quality. I’ve discussed this with my local garage, and they mistakenly think this is my problem. I am temporarily using an additional steering wheel lock, and reducing use of my car, but this isn’t a proper resolution.
The way to resolve this issue would be to upgrade the CAN bus with encryption and protect the vulnerable access point. I’ve investigated myself and have recommended to me by a specialist an additional CAN bus immobilizer (Approx £500 for a Ghost system). I would like you to cover the costs of this additional security or advise on what other measures you are planning to take and the timescales. If I don’t get a satisfactory response, I may install the additional immobilizer myself with a protection / armor for the entry point, and additional out of pocket costs related to theft insurance, and pursue the costs through a small claims court.