Theft protection/immobilizers?
#1
Theft protection/immobilizers?
Does anyone know what theft deterrents are in the new NXs? Im in canada so i assume they all have immobilizers, but it seems RXs get stolen with alarming frequency. Wondering if the NX is similarly susceptable, or if there are any new protections with them?
theres was some random mention of new encryption and verification required on canbus or something, but i cant find any mention if it aside from like one post by some random person.
theres was some random mention of new encryption and verification required on canbus or something, but i cant find any mention if it aside from like one post by some random person.
#2
Previous Theft Threads
There has already been a lot of threads on theft and theft prevention; here is a list of some of them:
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
Hopefully, some of these previous threads will help.
YMMV,
MidCow3
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
https://www.clublexus.com/forums/nx-...ighlight=theft
Hopefully, some of these previous threads will help.
YMMV,
MidCow3
The following users liked this post:
Naito (08-12-24)
#3
I have one installed on my 2024 NX350h which was bought in Vaughn
Seems like only dealers in Toronto area are installing these immobilizers
I suspect that these are causing to battery drain IMHO
Dealer in London ON for example never heard about these They call these "aftermarket"
I am thinking of disconnecting this but not sure where and how
Seems like only dealers in Toronto area are installing these immobilizers
I suspect that these are causing to battery drain IMHO
Dealer in London ON for example never heard about these They call these "aftermarket"
I am thinking of disconnecting this but not sure where and how
#4
Thanks midcow, that's a wealth of info to dig through. Still seems difficult to figure out exactly what systems are there for protection and what the vulnerabilities are though. I'm used to my older cars, key + immobilizer, that's easy to understand. Immobilizer is a RFID chip on the key, keyed to ECU, nothing starts if none of that is linked.
On these new keyless cars, seems there's a multitude of additional vulnerabilities.
1) radio repeaters, to make the key seem closer than it is and allow thieves to start the car even if the key is inside your house
- you can disable the key's radio with a special keypress?
- farraday cage storage for your keys otherwise?
2) canbus attack, going through the car exterior to access a canbus peripheral and commanding doors to unlock.
3) OBD port access allowing thieves to program their own key and start car that way?
Does that sound like a good summary of the current state? Has anything changed/been improved on recent models?
I know there's no perfect security, and if someone really wants your car they'll just tow it and deal with it later, but I do want a good understanding of what defences are already there and which should be augmented.
On these new keyless cars, seems there's a multitude of additional vulnerabilities.
1) radio repeaters, to make the key seem closer than it is and allow thieves to start the car even if the key is inside your house
- you can disable the key's radio with a special keypress?
- farraday cage storage for your keys otherwise?
2) canbus attack, going through the car exterior to access a canbus peripheral and commanding doors to unlock.
3) OBD port access allowing thieves to program their own key and start car that way?
Does that sound like a good summary of the current state? Has anything changed/been improved on recent models?
I know there's no perfect security, and if someone really wants your car they'll just tow it and deal with it later, but I do want a good understanding of what defences are already there and which should be augmented.
#5
1 and 3 are still a thing but can be mitigated somewhat with physical measures, 2 was a challenging one to protect against when bus wires were more easily exposed from the vehicle's exterior but fortunately is slowly becoming a more difficult attack type because in the last couple years Lexus has started to use encrypted communications between CAN bus modules. NX was one of the earlier Lexus models with this upgrade.
The following 2 users liked this post by Droid13:
Naito (08-12-24),
Rathmullan (10-06-24)
#6
I heard about the encrypted CAN bus module thing......but I've only ever seen it referred to in a post somewhere on this forum. I can't seem to find anything else that refers to it, do you know if Toyota/Lexus has published anything about it?
#7
The following users liked this post:
Naito (08-12-24)
Trending Topics
#8
thanks for that! That led me to the actual statement link here:
https://mag.lexus.co.uk/lexus-uk-sta...vehicle-theft/
Hopefully that does mean NA vehicles are also similarly protected.
I definitely understand them not publishing details about exactly what was done, but it really needs to be more visible and published that they ARE doing something about it. Security by obscurity is just feel good, good security needs to be published and actively tested against. Which is probably not a stance car manufacturers agree with.
https://mag.lexus.co.uk/lexus-uk-sta...vehicle-theft/
Hopefully that does mean NA vehicles are also similarly protected.
I definitely understand them not publishing details about exactly what was done, but it really needs to be more visible and published that they ARE doing something about it. Security by obscurity is just feel good, good security needs to be published and actively tested against. Which is probably not a stance car manufacturers agree with.
#9
To summarize:
Ways your car can be stolen and common defences:
- Method: keyfob
- Technique: extending keyfob signal/repeating keyfob signal
- Countermeasure:
1 ) physical protection i.e. farraday cage for keys. Blocks radio signals from reaching car even with repeaters/boosters.
2) keyless start can be disabled by pressing holding lock button while double pressing unlock button. Re-enable by pressing the unlock button.
- Method: CAN bus highjacking
- Technique: connecting device to CAN bus via external port (commonly accessed via wheel well?) and sending signals to unlock/start car
- Countermeasure:
1) Cars built after October 2021 should have an improved security system for CAN bus peripherals, requiring signing before accepting commands. Thus even if a "hacking device" was connected to a port, the car would not accept commands from the device unless it was signed by a Lexus key. Vague details here https://mag.lexus.co.uk/lexus-uk-sta...vehicle-theft/
- Method: OBD port programming
- Technique: Once inside the car, thieves can register their own key by connecting to the car's OBD port
- Countermeasure:
- None?
Did I miss anything?
Ways your car can be stolen and common defences:
- Method: keyfob
- Technique: extending keyfob signal/repeating keyfob signal
- Countermeasure:
1 ) physical protection i.e. farraday cage for keys. Blocks radio signals from reaching car even with repeaters/boosters.
2) keyless start can be disabled by pressing holding lock button while double pressing unlock button. Re-enable by pressing the unlock button.
- Method: CAN bus highjacking
- Technique: connecting device to CAN bus via external port (commonly accessed via wheel well?) and sending signals to unlock/start car
- Countermeasure:
1) Cars built after October 2021 should have an improved security system for CAN bus peripherals, requiring signing before accepting commands. Thus even if a "hacking device" was connected to a port, the car would not accept commands from the device unless it was signed by a Lexus key. Vague details here https://mag.lexus.co.uk/lexus-uk-sta...vehicle-theft/
- Method: OBD port programming
- Technique: Once inside the car, thieves can register their own key by connecting to the car's OBD port
- Countermeasure:
- None?
Did I miss anything?
#10
I definitely understand them not publishing details about exactly what was done, but it really needs to be more visible and published that they ARE doing something about it. Security by obscurity is just feel good, good security needs to be published and actively tested against. Which is probably not a stance car manufacturers agree with.
Physically protect your ODBII port. Locks are easy enough but only slow down a thief. 3rd party devices can disrupt communications and likely to be more effective but add to complexity and will void your warranty (at least during the period they are installed, as any electrical issues will be rejected by dealer until device is removed). In my case, I have moved my ODB port to a new hidden location, a false port that has some appearance of function appears in the normal connector position. Its not foolproof either but it will hopefully slow down, frustrate and confuse.
Last edited by Droid13; 08-12-24 at 12:29 PM.
#11
To summarize:
Ways your car can be stolen and common defences:
- Method: keyfob
- Technique: extending keyfob signal/repeating keyfob signal
- Countermeasure:
1 ) physical protection i.e. farraday cage for keys. Blocks radio signals from reaching car even with repeaters/boosters.
2) keyless start can be disabled by pressing holding lock button while double pressing unlock button. Re-enable by pressing the unlock button.
- Method: CAN bus highjacking
- Technique: connecting device to CAN bus via external port (commonly accessed via wheel well?) and sending signals to unlock/start car
- Countermeasure:
1) Cars built after October 2021 should have an improved security system for CAN bus peripherals, requiring signing before accepting commands. Thus even if a "hacking device" was connected to a port, the car would not accept commands from the device unless it was signed by a Lexus key. Vague details here https://mag.lexus.co.uk/lexus-uk-sta...vehicle-theft/
- Method: OBD port programming
- Technique: Once inside the car, thieves can register their own key by connecting to the car's OBD port
- Countermeasure:
- None?
Did I miss anything?
Ways your car can be stolen and common defences:
- Method: keyfob
- Technique: extending keyfob signal/repeating keyfob signal
- Countermeasure:
1 ) physical protection i.e. farraday cage for keys. Blocks radio signals from reaching car even with repeaters/boosters.
2) keyless start can be disabled by pressing holding lock button while double pressing unlock button. Re-enable by pressing the unlock button.
- Method: CAN bus highjacking
- Technique: connecting device to CAN bus via external port (commonly accessed via wheel well?) and sending signals to unlock/start car
- Countermeasure:
1) Cars built after October 2021 should have an improved security system for CAN bus peripherals, requiring signing before accepting commands. Thus even if a "hacking device" was connected to a port, the car would not accept commands from the device unless it was signed by a Lexus key. Vague details here https://mag.lexus.co.uk/lexus-uk-sta...vehicle-theft/
- Method: OBD port programming
- Technique: Once inside the car, thieves can register their own key by connecting to the car's OBD port
- Countermeasure:
- None?
Did I miss anything?
There is also a Denso module for the key security where they can use a laptop to clear all keys and reprogram new keys as well. Instead of going to the OBD port, they are now going directly to the Denso module to reprogram keys.
The following users liked this post:
Naito (08-12-24)
#12
re: Denso module
something like this?
https://www.instructables.com/DIY-Im...-or-Swapped-E/
moving or even locking the OBD port sounds like a major warranty voider......
something like this?
https://www.instructables.com/DIY-Im...-or-Swapped-E/
moving or even locking the OBD port sounds like a major warranty voider......
#13
re: Denso module
something like this?
https://www.instructables.com/DIY-Im...-or-Swapped-E/
moving or even locking the OBD port sounds like a major warranty voider......
something like this?
https://www.instructables.com/DIY-Im...-or-Swapped-E/
moving or even locking the OBD port sounds like a major warranty voider......
This...
The following users liked this post:
Naito (08-12-24)
#14
Instead of a faraday box, my insurance recommended (and gave a discount) on this interesting product. I've had it for a couple months and works great.
It wraps around your keyfob battery and cuts the power to the keyfob if it hasn't sensed motion in three minutes. Powers back up quickly when picking up the keys.
Not sure I would have bought it without the discount, but I'm quite happy with it so far.
https://www.secure-fob.com/
It wraps around your keyfob battery and cuts the power to the keyfob if it hasn't sensed motion in three minutes. Powers back up quickly when picking up the keys.
Not sure I would have bought it without the discount, but I'm quite happy with it so far.
https://www.secure-fob.com/