Does anyone know what theft deterrents are in the new NXs? Im in canada so i assume they all have immobilizers, but it seems RXs get stolen with alarming frequency. Wondering if the NX is similarly susceptable, or if there are any new protections with them?

theres was some random mention of new encryption and verification required on canbus or something, but i cant find any mention if it aside from like one post by some random person.

 

There has already been a lot of threads on theft and theft prevention; here is a list of some of them:

https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft

Hopefully, some of these previous threads will help.

YMMV,
MidCow3

 

I have one installed on my 2024 NX350h which was bought in Vaughn
Seems like only dealers in Toronto area are installing these immobilizers
I suspect that these are causing to battery drain IMHO
Dealer in London ON for example never heard about these They call these "aftermarket"
I am thinking of disconnecting this but not sure where and how

 

Thanks midcow, that's a wealth of info to dig through. Still seems difficult to figure out exactly what systems are there for protection and what the vulnerabilities are though. I'm used to my older cars, key + immobilizer, that's easy to understand. Immobilizer is a RFID chip on the key, keyed to ECU, nothing starts if none of that is linked.

On these new keyless cars, seems there's a multitude of additional vulnerabilities.
1) radio repeaters, to make the key seem closer than it is and allow thieves to start the car even if the key is inside your house
- you can disable the key's radio with a special keypress?
- farraday cage storage for your keys otherwise?
2) canbus attack, going through the car exterior to access a canbus peripheral and commanding doors to unlock.
3) OBD port access allowing thieves to program their own key and start car that way?

Does that sound like a good summary of the current state? Has anything changed/been improved on recent models?

I know there's no perfect security, and if someone really wants your car they'll just tow it and deal with it later, but I do want a good understanding of what defences are already there and which should be augmented.

 

1 and 3 are still a thing but can be mitigated somewhat with physical measures, 2 was a challenging one to protect against when bus wires were more easily exposed from the vehicle's exterior but fortunately is slowly becoming a more difficult attack type because in the last couple years Lexus has started to use encrypted communications between CAN bus modules. NX was one of the earlier Lexus models with this upgrade.

 

I heard about the encrypted CAN bus module thing......but I've only ever seen it referred to in a post somewhere on this forum. I can't seem to find anything else that refers to it, do you know if Toyota/Lexus has published anything about it?

 

Lexus/Toyota will not publish a lot of details on the encrypted CANbus. Lexus UK did address stuff about the CANbus and noted that they have changed things starting late 2021.

 

thanks for that! That led me to the actual statement link here:
https://mag.lexus.co.uk/lexus-uk-sta...vehicle-theft/

Hopefully that does mean NA vehicles are also similarly protected.

I definitely understand them not publishing details about exactly what was done, but it really needs to be more visible and published that they ARE doing something about it. Security by obscurity is just feel good, good security needs to be published and actively tested against. Which is probably not a stance car manufacturers agree with.

 

To summarize:

Ways your car can be stolen and common defences:

- Method: keyfob
- Technique: extending keyfob signal/repeating keyfob signal
- Countermeasure:
1 ) physical protection i.e. farraday cage for keys. Blocks radio signals from reaching car even with repeaters/boosters.
2) keyless start can be disabled by pressing holding lock button while double pressing unlock button. Re-enable by pressing the unlock button.

- Method: CAN bus highjacking
- Technique: connecting device to CAN bus via external port (commonly accessed via wheel well?) and sending signals to unlock/start car
- Countermeasure:
1) Cars built after October 2021 should have an improved security system for CAN bus peripherals, requiring signing before accepting commands. Thus even if a "hacking device" was connected to a port, the car would not accept commands from the device unless it was signed by a Lexus key. Vague details here https://mag.lexus.co.uk/lexus-uk-sta...vehicle-theft/

- Method: OBD port programming
- Technique: Once inside the car, thieves can register their own key by connecting to the car's OBD port
- Countermeasure:
- None?

Did I miss anything?

 

Easier said than done with hardware based encryption. In the software world, there can be great advantages to unzipping your pants (in a manner of speak) and letting the world have a peek. If you happen to use Google Chrome or MS Edge for example, both those browsers are based on the Chromium open source code. Anyone can inspect and view the code looking for weaknesses. If one is found, within a relatively short period of time a patch is created and new versions are quickly pushed out to hundreds of millions of systems automatically and everyone is quickly back to sipping rum punches by the beach. But with hardware based systems like in a car, its not nearly so easy. Correcting errors can take months, perhaps years or never and the costs will be very high. These systems are simply not designed to be mass updateable and even if they were, that opens up a huge can of worms that future vulnerabilities might lead to even more treacherous hacking opportunities. Given the difficulty in performing updates, the detailed functioning of these systems are best not served up on a silver platter. More difficult for white hats to find issues yes, but also more difficult for black hats too and without rapid update capability, less is more in this case.

Physically protect your ODBII port. Locks are easy enough but only slow down a thief. 3rd party devices can disrupt communications and likely to be more effective but add to complexity and will void your warranty (at least during the period they are installed, as any electrical issues will be rejected by dealer until device is removed). In my case, I have moved my ODB port to a new hidden location, a false port that has some appearance of function appears in the normal connector position. Its not foolproof either but it will hopefully slow down, frustrate and confuse.

 

You can add an OBD port lock that would add an extra step to get access to it. Or you can redirect the OBD port and put a dummy one there, but again if they have enough time they can figure it out as well.

There is also a Denso module for the key security where they can use a laptop to clear all keys and reprogram new keys as well. Instead of going to the OBD port, they are now going directly to the Denso module to reprogram keys.

 

re: Denso module
something like this?

https://www.instructables.com/DIY-Im...-or-Swapped-E/

moving or even locking the OBD port sounds like a major warranty voider......

 

This...

 

Instead of a faraday box, my insurance recommended (and gave a discount) on this interesting product. I've had it for a couple months and works great.

It wraps around your keyfob battery and cuts the power to the keyfob if it hasn't sensed motion in three minutes. Powers back up quickly when picking up the keys.

Not sure I would have bought it without the discount, but I'm quite happy with it so far.

https://www.secure-fob.com/

 

that seems like a good idea, but since the new keys should be disablable via the holding lock button while double pressing unlock sequence, that seems unnecessary now? and....$200!? geezus