Do Not Sell My Personal Information Jump to content


  • Join The Club

    Join the Lexus Owners Club and be part of the Community. It's FREE!

     

Recommended Posts

10 minutes ago, PDM said:

I'm not totally convinced that encryption can't be added in software for at least few critical commands (such as "correct key present"). To me the idea of trading in a 4RX for a 5RX sounds like a triumph of hope over experience!

A firmware update is highly unlikely because the system as a whole, and the multiple ECUs involved, aren't designed for signed communication and would likely require hardware replacements, not just software. Going full encryption will never happen on these old models - Toyota/Lexus isn't even using that on current models).

  • Like 1
Link to comment
Share on other sites

4 hours ago, my pride & joy said:

How does the 5th generation RX differ to the 4th, in terms of security?

My 4th generation was stolen last year and I replaced it with another 4th. On this latest one I have had fitted a ghost immobiliser, canbus plate and use a Milenco steering wheel lock - am I still screwed?

Yes. The 5th generation RX has a signed/encrypted communication for the key and start. It’s called “Toyota Security Key” and all their newly updated/introduced models have a version of this, which means they aren’t vulnerable to the issue with the 4th gen RX, older NX, and current ES models (amongst others!). 

4 hours ago, ColinBarber said:

A firmware update is highly unlikely because the system as a whole, and the multiple ECUs involved, aren't designed for signed communication and would likely require hardware replacements, not just software. Going full encryption will never happen on these old models - Toyota/Lexus isn't even using that on current models).

Jaguar Land Rover managed it on older models going back to 2016 that had similar flaws. Experts have also said encryption for the key elects here (doors /engine start) wouldn’t add significant overhead. Toyota are the world’s largest car manufacturer - they absolutely could fix this if they chose to. 

  • Like 1
Link to comment
Share on other sites

I am not sure that I will live long enough for a software update from Lexus. I am therefore having a Ghost II installed tomorrow.

It will not stop the scumbags from damaging the car but at least I know they will not be driving it away. I hope!

Link to comment
Share on other sites

9 hours ago, Tickedon said:

Jaguar Land Rover managed it on older models going back to 2016 that had similar flaws.

No they haven't. For older vehicles they are installing trackers and immobilisers and newer ones have updated firmware in the main body ECU to detect hacks - that isn't anything like implementing encryption across the entire CAN bus.

  • Like 4
Link to comment
Share on other sites

3 hours ago, ColinBarber said:

No they haven't. For older vehicles they are installing trackers and immobilisers and newer ones have updated firmware in the main body ECU to detect hacks - that isn't anything like implementing encryption across the entire CAN bus.

And no doubt Lexus could do something similar if they could be bothered....

  • Like 1
Link to comment
Share on other sites

I had this post appear on my Twitter feed today regarding the recovery of a stolen RX. If you enlarge the photo you will see the telltale sign of the wheel arch molding having been removed. 

Looks like a tracker was the saviour on this occasion. 

SmartSelect_20240312_183220_X.thumb.jpg.6cb2b0d6794b0515b1381ac10ced8602.jpg

  • Like 2
Link to comment
Share on other sites


Nice that 2 people were collared. It's the best outcome. 

The car might still end up scrapped. I watched a you tube channel where the gangs strip cars in a day. Engine, seats, interior the lot out and boxed up ready to ship. Amazing. It's because they don't need to worry too much about breaking things. They often cut cheap parts to get the expensive ones out. Typically BMW cars though. First I've heard of lexus being striped.

Link to comment
Share on other sites

The one show tonight (13/3) had a special on stealing Lexuses!

Apparently they spoke to Lexus and Lexus confirmed that they will be releasing a software update for cars registered before 2021 that should stop the CAN bus issue.

I have already contacted my Lexus dealer and will update if I have anything further.

Has anyone heard anything?

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

8 minutes ago, Rob62 said:

The one show tonight (13/3) had a special on stealing Lexuses!

Apparently they spoke to Lexus and Lexus confirmed that they will be releasing a software update for cars registered before 2021 that should stop the CAN bus issue.

I have already contacted my Lexus dealer and will update if I have anything further.

Has anyone heard anything?

Thanks - will check it out on catch up 👍🏻

Link to comment
Share on other sites

Wow. Swapping out components. That'll cost. The existing canbus parts will be removed and new parts fitted. Could be a newly developed canbus bridge processor or a hybrid of the new platform components or anything really. 

 

This will have taken time to develop and put a distribution system in place. Probably piggy back of the new platform for key distribution, if encrypted units are being used. 

 

They talk of a countermeasure. So this could be anything really. Nice to be vague, best to keep it that way.

I'll eat my words....... 

Link to comment
Share on other sites


  • 1 month later...

I have a Lexus Premier. I have tried to get insurance. Most companies refuse to insure my car. Those that offer a quote want over £5000 plus a huge excess and insist that pay to have a tracker installed. 

Be interested to hear from others, especially if anyone has any thoughts or recommendations 

Thank you in advance.

Link to comment
Share on other sites

Simply move up north! Cheaper insurance!

 

Only kidding. Sorry to hear your plight. There isn't a lot you can do. As southerners sell out, I've noticed more lexuses further north. This will eventually bring the gangs. They have already targeted my local dealership, took a new Hilux. 

 

The only cars I think are 'safe' are Tesla. While they still get taken, they have an impeccable recovery record, or so Google used to say. Haven't checked recently.

Link to comment
Share on other sites

I've come late to this discussion but glad I found it, as I was about to commit to replacing my 10 yr old RX F-Sport with a post 2019 model.  I won't be bothering to now.  I'll keep and run what I have into the ground or part ex for something a little cheaper to insure.

I'm shocked at how little Lexus have done to rectify a problem that they knew was a potential for theft at the design stage, never mind production stage.  A simple fix to prevent easy access to canbus wiring systems, or a software protocol which was split such that ignition and security systems were separated from other operational systems and made inaccessible and use software preventing attack are all things clearly envisionable at a design stage.

I was wondering why my insurance quote doubled this year with Premier insurance and got little truck with Lexus insurance who wanted £675 fully comp for a 10 year old RX.  I ended up getting a sensible quote from another company and changing insurers.  Whilst admittedly, I don't live in a high car crime area, it seems no-one is immune to blanket post-code insurance price hikes all because newer models have canbus vulnerabilities.

This whole thread has been a depressing read and I'm now very unlikely to proceed with any Lexus vehicle as a result, but if not Lexus, then what?

BMW and Mercedes and Audi are disposable unreliable heaps of crap after 4 or 5 years.  Been there, got the teeshirt.  The reason I discovered Lexus was That I got fed up with our merc breaking down every other lamp post when yet another sensor failed.

Toyota use the same platforms as Lexus so that now (for me) rules them out.

Honda are only offering anaemic 1.5 litre disposable engines across much of their model range.  We have the last of the truly great (realiable) and long lived Honda motors in our 1.8 e-VVTI civic so will hang on to that until the bitter end.

Jaguar, or Land rover?  Nope.  Just about everyone I know with one also owns huge garage bills.

What, then, are ex Lexus owners turning towards?  I'd be genuinely interested in hearing some of your stories and experiences, if like me, you've decided to go in a different direction?  Volvo?  Genesis?  Kia???

Link to comment
Share on other sites

I'm keeping my old Lexus cars. They don't make 'em like that anymore. Even Volvo ( who made some great cars - like my old S60 ) have lost the faith and gone off.

Link to comment
Share on other sites

Kia and Hyundai have security issues too. 

I don't think any brand is immune from this as they all went canbus in a rush without any consideration for security. Their only thoughts were traditional security threats and not modern technology threats.

 

Good news is that the latest lexus platforms Rx 2024 and maybe back to 2022, have better protection. The 4th gen Rx is getting some kind of upgrade to that platform. My guess is the immobiliser, but might just be the bus gateway, and thus this exploit will be closed. 

 

I spoke to lexus and have been told it'll arrive this month. That probably means June/July roll out.

Link to comment
Share on other sites

As depressing as this topic is ; it is strange that Lexus has still not found a permanent solution. Many of you may remember that am one of the unfortunate ones whose beloved 2022 RX was stolen from my driveway on June 15 last year. Almost a year to date. As everyone has commented the police never attended my house and the car was never recovered. Luckily my insurance provider at the time paid out the full settlement but  I have got stung with subsequent insurance renewal as I have to declare a “theft claim “ for the next five years even though the theft wasn’t my fault but the crazy insurance industry will continue to penalise me for the next 4 years. For all that want to know the best quote I got on my current car (BMW) was £1700 for a year with Direct Line. LV my insurer at the time of the theft quoted £3500; and this is me a 59 year old Architect living in Hertfordshire with 15yr NCB.
In conclusion there are many of us Lexus lovers who are suffering in silence because of our love of the brand I personally owned four Lexus RX prior to the stolen one - IMG_0303.thumb.jpeg.ab9d11f5bf4b4f0e3e2ecb389cf93c90.jpegIMG_0306.thumb.jpeg.5713c644bf993c9ade896e6edfef4a03.jpegbut may never return to the brand unless they get their acts together on the security vulnerabilities of their cars.

 

 

  • Like 1
Link to comment
Share on other sites

It seems too little too late for many people.  Also whatever they roll out in the next few months may not prevent attempted theft and damage anyway.  The car's at the top of the theft charts and until thieves work out that security fixes are in place I guess the theft attempts will continue unabated for a good year or so until they realise they're not getting what they were after.  Sadly, this all but rules me out if for no other reason I wont be paying exorbitant insurance premiums to anyone. 

Link to comment
Share on other sites

How will this fix work with the Ghost 2?  Will it fix access to the canbus but screw up the Ghost or not affect it?  Guess its too early to speculate.

  • Like 1
Link to comment
Share on other sites

  • 1 month later...

I spoke to Lexus a couple of weeks ago and I was told the software/hardware update should be rolling out in July/August.

I have not heard anything further. Does anyone know any more on this?

Link to comment
Share on other sites

I also spoke with them just last week and they told me different.  I pushed the issue and they said that Lexus UK still hadn't told dealerships when or what the fix would be, and it is overdue from April.  They've been saying June/July since April but bet your bottom dollar that what you were told doesn't mean dealers have had any confirmation at all yet.  All I could get out of them was it would be "software based" and work in conjunction with the steel plates.  To me, that signifies a retrofitted immobiliser.

Link to comment
Share on other sites

On 5/9/2024 at 8:15 PM, GSLV6 said:

What, then, are ex Lexus owners turning towards?  I'd be genuinely interested in hearing some of your stories and experiences, if like me, you've decided to go in a different direction?  Volvo?  Genesis?  Kia???

I’ve generally been impressed with the KIA models I’ve seen, and Volvo as well albeit interior quality on both is short of Lexus imho (but not by much).

One word of warning though. I was at dinner in London with some colleagues a few days ago. The subject turned to cars. None of them were aware of the Lexus CANBUS issue (no real reason they should be) but my, admittedly non-technical, description prompted one of those present to wonder if a neighbour’s Kia EV6 had a similar vulnerability.

His neighbour (based in South London) had a brand new EV6 delivered on a low loader from a lease company. Two days later it was taken, from the driveway, overnight. Now, I suppose that could have been a key issue, or some ‘insider’ dealing either at the lease company or the transport company. But what it does show is that lots of marques have security issues, not just Lexus. 

Link to comment
Share on other sites

Latest Deals

Lexus Official Store for genuine Lexus parts & accessories

Disclaimer: As the club is an eBay Partner, The club may be compensated if you make a purchase via eBay links

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share







Lexus Owners Club Powered by Invision Community


eBay Disclosure: As the club is an eBay Partner, the club may earn commision if you make a purchase via the clubs eBay links.

DISCLAIMER: Lexusownersclub.co.uk is an independent Lexus forum for owners of Lexus vehicles. The club is not part of Lexus UK nor affiliated with or endorsed by Lexus UK in any way. The material contained in the forums is submitted by the general public and is NOT endorsed by Lexus Owners Club, ACI LTD, Lexus UK or Toyota Motor Corporation. The official Lexus website can be found at http://www.lexus.co.uk
×
  • Create New...