2nd gen NX at risk of CAN injection theft?
#1
Driver
Thread Starter
2nd gen NX at risk of CAN injection theft?
Didn’t see any posts on this for our NXs but anyone have info on whether it’s at risk from CAN bus injection theft?
For those unaware, similar year RAV4s, RXs, and some other Toyota/Lexus models have an easy to access wiring harness connector located near the front left headlight. Thieves can pull open the front bumper, plug in their device to the wiring, gain full access to the car, and drive off. This can be done in under two minutes.
A very concerning problem and in my opinion worse than the keyless relay method. Last thing I want to worry about is a KIA boys style rampant theft for our cars.
More info -
https://arstechnica.com/information-...n-attacks/amp/
https://kentindell.github.io/2023/04...ium=ForumLinks
For those unaware, similar year RAV4s, RXs, and some other Toyota/Lexus models have an easy to access wiring harness connector located near the front left headlight. Thieves can pull open the front bumper, plug in their device to the wiring, gain full access to the car, and drive off. This can be done in under two minutes.
A very concerning problem and in my opinion worse than the keyless relay method. Last thing I want to worry about is a KIA boys style rampant theft for our cars.
More info -
https://arstechnica.com/information-...n-attacks/amp/
https://kentindell.github.io/2023/04...ium=ForumLinks
Last edited by Jawnathin; 04-10-23 at 09:46 AM.
#2
I saw those stories as well. Have an Autowatch Ghost II immobilizer installed in my car. Didn't want to go through the process of having a car stolen again!. This one connects through the CAN bus network. You essentially become the fob as you pick a series of button presses using various buttons already installed in the car. No warning lights or external fobs. One small sticker on the drivers side window. Won't keep thieves from getting into the car by force but without the right sequence of presses, the car will not start. I also have a steering wheel bar with a combination lock to deter the amateur thieves which I use in very theft prone parking lots.
Sad that we have to go to these extremes to protect our vehicles. Manufacturers should install this type of preventative technology at the factory. Wife has already said of this one is stolen, we're buying a crappy car that no one wants to steal.
Sad that we have to go to these extremes to protect our vehicles. Manufacturers should install this type of preventative technology at the factory. Wife has already said of this one is stolen, we're buying a crappy car that no one wants to steal.
#3
I saw those stories as well. Have an Autowatch Ghost II immobilizer installed in my car. Didn't want to go through the process of having a car stolen again!. This one connects through the CAN bus network. You essentially become the fob as you pick a series of button presses using various buttons already installed in the car. No warning lights or external fobs. One small sticker on the drivers side window. Won't keep thieves from getting into the car by force but without the right sequence of presses, the car will not start. I also have a steering wheel bar with a combination lock to deter the amateur thieves which I use in very theft prone parking lots.
Sad that we have to go to these extremes to protect our vehicles. Manufacturers should install this type of preventative technology at the factory. Wife has already said of this one is stolen, we're buying a crappy car that no one wants to steal.
Sad that we have to go to these extremes to protect our vehicles. Manufacturers should install this type of preventative technology at the factory. Wife has already said of this one is stolen, we're buying a crappy car that no one wants to steal.
#4
#5
Advanced
Hey Lexus, Hey Lexus what are you going to do to fix this?
#6
The CAN bus theft issue has been reported and debated on the UK Lexus owners forum as these thefts are happening on this side of the pond also. Indeed, one intrepid forum member has written to Lexus UK to try to ascertain what Lexus plan to do to mitigate this exact problem. Lexus UK said that they are aware of this vulnerability but added that no car can be totally theft-proof and that a software update to the CAN bus network built into their cars cannot be executed post-build - something that people with some knowledge of the technology would contest. They did say, however, that they are planning to trial the (retro) fitment of a metal plate in the vulnerable area in the wheel arch that will make access to the CAN bus wiring much harder, if not impossible. So we will have to wait and see what transpires in that regard.
#7
The CAN bus theft issue has been reported and debated on the UK Lexus owners forum as these thefts are happening on this side of the pond also. Indeed, one intrepid forum member has written to Lexus UK to try to ascertain what Lexus plan to do to mitigate this exact problem. Lexus UK said that they are aware of this vulnerability but added that no car can be totally theft-proof and that a software update to the CAN bus network built into their cars cannot be executed post-build - something that people with some knowledge of the technology would contest. They did say, however, that they are planning to trial the (retro) fitment of a metal plate in the vulnerable area in the wheel arch that will make access to the CAN bus wiring much harder, if not impossible. So we will have to wait and see what transpires in that regard.
The CAN bus theft method is still a very hot topic in the UK. There have been multiple reports on the UK forums of thefts via this method - mainly of the RX (Gen 4 I believe - not the latest model, at least not yet but they are still pretty rare over here) and of the latest ES. So far, there have been no reports of the NX being stolen this way (famous last words). As a result we are seeing insurance premiums for all Lexus models rise sharply, which is believed to be related to this vulnerability - at least in part. Various owners, including myself, have contacted Lexus UK to relay our concerns over this vulnerability and most have received a stock reply from Lexus stating that they are aware of the issue but no car can be totally theft-proof, blah, blah, blah. The specific reply to me stated that there have been no reports to them of NXs being stolen via this method. Lexus still don't seem to have any desire to solve this issue via a software update to the CAN bus system itself.
With regards to the fitment of the afore-mentioned metal plate to add more protection to the affected area in the wheel arch, Lexus UK have begun to fit these - but only to RXs at present (I assume that they feel that it's the RX that is most at risk). Some RX owners have had them fitted for free; others have been charged for it (approximately $200 of your currency). I don't believe that there are any plans currently to fit them to the NX.
Hopefully this gives you guys some reassurance (or maybe not!).
The following users liked this post:
Billst (08-09-23)
Trending Topics
#8
I was in touch with Lexus U.K. concerning my new car due to arrive at dealer next week. They reassured me that the issue is different to the RX as more difficult to access and software has been improved thus no reported thefts - yet -. So no fix or plate available or needed. The main issue, with RX, has been restricted to a certain area of London but the theft software has been on general sale. They were not happy to publicly say more as this would just help the thieves develop their product. The insurance companies must know - they have quoted a not unsubstantial, reduction for me as I change from my 2020 RAV4 . Even though I live far from London.
#10
I saw those stories as well. Have an Autowatch Ghost II immobilizer installed in my car. Didn't want to go through the process of having a car stolen again!. This one connects through the CAN bus network. You essentially become the fob as you pick a series of button presses using various buttons already installed in the car. No warning lights or external fobs. One small sticker on the drivers side window. Won't keep thieves from getting into the car by force but without the right sequence of presses, the car will not start. I also have a steering wheel bar with a combination lock to deter the amateur thieves which I use in very theft prone parking lots.
Sad that we have to go to these extremes to protect our vehicles. Manufacturers should install this type of preventative technology at the factory. Wife has already said of this one is stolen, we're buying a crappy car that no one wants to steal.
Sad that we have to go to these extremes to protect our vehicles. Manufacturers should install this type of preventative technology at the factory. Wife has already said of this one is stolen, we're buying a crappy car that no one wants to steal.
the vehicle warranty?
#11
#13
My dealer in Ottawa now offers to have the IGLA installed (third party) at time of purchase. I would assume that it doesn’t void the warranty if it’s available through the dealer.
Of note, they mentioned Lexus has made
some changes to the 2024 model year to improve security. They can’t say what Lexus have done but that none of the 2024s have been reported stolen via the “drive away” venerabilities……”yet”.
I added the “yet”
Of note, they mentioned Lexus has made
some changes to the 2024 model year to improve security. They can’t say what Lexus have done but that none of the 2024s have been reported stolen via the “drive away” venerabilities……”yet”.
I added the “yet”
#14
My insurance company, ,NFU Mutual, is one of the most respected in the U.K. The were very particular when I was transferring from my RAV4 (2020 hybrid) to the NX 450h+ Takumi, that I had not added to or altered the existing security. Collecting the new car today. Only a few weeks to my insurance renewal date but they are giving me a rebate! NX is lower insurance risk than RAV4 - provided you do not add to or alter existing security.
Do they treat added security such as Ghost, as a red flag that indicates you think your car is less secure?
I was quite particular in checking security risk directly with Lexus U.K. in light of the high number of reported Lexus thefts in London. I talked directly with senior CS. I was fully assured.
The new NX is a very different beast from the old RX that is being targeted. In conjunction with Police, a large number of devices designed to target RX have been seized and tested and arrests have been made. They would not work on new NX. Lexus asked me not to mention certain factors in user groups as we are monitored by toe rags. It will obviously be a constant battle but at the moment I believe we are reasonably safe and Lexus are actively monitoring theft risk. If this were not so, I would not be handing over some $80k today.
Do they treat added security such as Ghost, as a red flag that indicates you think your car is less secure?
I was quite particular in checking security risk directly with Lexus U.K. in light of the high number of reported Lexus thefts in London. I talked directly with senior CS. I was fully assured.
The new NX is a very different beast from the old RX that is being targeted. In conjunction with Police, a large number of devices designed to target RX have been seized and tested and arrests have been made. They would not work on new NX. Lexus asked me not to mention certain factors in user groups as we are monitored by toe rags. It will obviously be a constant battle but at the moment I believe we are reasonably safe and Lexus are actively monitoring theft risk. If this were not so, I would not be handing over some $80k today.
#15
My dealer in Ottawa now offers to have the IGLA installed (third party) at time of purchase. I would assume that it doesn’t void the warranty if it’s available through the dealer.
Of note, they mentioned Lexus has made
some changes to the 2024 model year to improve security. They can’t say what Lexus have done but that none of the 2024s have been reported stolen via the “drive away” venerabilities……”yet”.
I added the “yet”
Of note, they mentioned Lexus has made
some changes to the 2024 model year to improve security. They can’t say what Lexus have done but that none of the 2024s have been reported stolen via the “drive away” venerabilities……”yet”.
I added the “yet”