Do Not Sell My Personal Information Jump to content


  • Join The Club

    Join the Lexus Owners Club and be part of the Community. It's FREE!

     

Canbus theft scandal


Recommended Posts

The canbus issue won't affect new car sales. I think i read all new models have an encrypted canbus. Ironically, that may help them as RX4 and other affected owners upgrade because of it. However, dealers must have lost a ton of money on resale values, annoyed customers etc. plus RX4's sat on forecourts for longer than usual. 

Link to comment
Share on other sites

19 minutes ago, fezman said:

The canbus issue won't affect new car sales. I think i read all new models have an encrypted canbus. Ironically, that may help them as RX4 and other affected owners upgrade because of it. However, dealers must have lost a ton of money on resale values, annoyed customers etc. plus RX4's sat on forecourts for longer than usual. 

We don’t even know if the new UX 300h is vulnerable. Both the 250h and 300e were - so it’s plausible it’s still vulnerable. The same for the ES - unclear if there have been any changes. 

The original article provided dates, now it just lists lots of models and only says the new NX and RX, plus LBX, have the new platform with security changes… 

Link to comment
Share on other sites

I tried negotiating down the forecourt price of a 2022 RX4 which was on at top dollar price, but the dealership wouldn't budge an inch and was clueless about affects on value recognised by non franchised dealerships on value of used RX4's.  Here's an example.  Both 2022 models, one a Takumi (non franchised) and one an F-sport (Takumi pack) from a franchised dealer.  The Takumi was immaculate, only 10K miles and was on for £36K with mine close on 17K part ex as an offer.  The F-sport had 14K miles and the franchised dealer wanted 6K more and offered less for mine.  I was astonished at the reluctance or ignorance about insurance premium hikes and canbus vulnerability hitting used values by the Lexus dealership.  I told them that.  They, I believe, will discuss it with their tech team and come back to me with a better offer.  It's a buyers market and no RX4 is currently worth top book value as whole life costs are so badly hit by the vulnerabilities.  Anyone wanting to buy one and run it for at least 5 years is advised to bargain hard or look elsewhere as great offers exist...just not with Lexus dealerships it seems.

  • Like 1
Link to comment
Share on other sites

Sadly, after owning six Lexus models I decided to leave the mark. I got a standard response to my email to customer relations so decided it was over.

Good luck to everyone trying to get through to them.

Anyone contacted Watchdog journalists to point out Lexus have reduced the response they made during the program?

  • Like 2
Link to comment
Share on other sites

On 5/13/2024 at 9:28 PM, Alan305 said:

Sadly, after owning six Lexus models I decided to leave the mark. I got a standard response to my email to customer relations so decided it was over.

Good luck to everyone trying to get through to them.

Anyone contacted Watchdog journalists to point out Lexus have reduced the response they made during the program?

I have experienced the same. Lexus are a bust flush. Their brand is all about customer loyalty -  but loyalty is a two way process.  I have registered with LD, and if Lexus won't own up and fix the issues, then it is time for court action.  

Link to comment
Share on other sites

On 5/10/2024 at 5:47 PM, fezman said:

The canbus issue won't affect new car sales. I think i read all new models have an encrypted canbus. Ironically, that may help them as RX4 and other affected owners upgrade because of it. However, dealers must have lost a ton of money on resale values, annoyed customers etc. plus RX4's sat on forecourts for longer than usual. 

A large part of the Lexus market is repeat sales - because of brand loyalty.  Also Lexus cars have always retained their value better than other cars.  This security debacle and, worse, how poorly it has been handled by Lexus, has trashed the brand, and this will impact future sales. 

  • Like 1
Link to comment
Share on other sites


Well, there may be light at the end of the (long) tunnel...I spoke to Lexus last week and dealerships have been informed there's a software/hardware fix due to be rolled out to all RX4 owners this summer sometime.  It's likely to involve a piggyback retrofit which detects when the CanBus system's been interrupted and a hack attempted, such as disconnecting the headlamp CanBus connector and attempting a hack.  This would initiate a security lockdown unless the key is used, thereby preventing CanBus type thefts.  Time will tell but I get the feeling dealerships know more than they're letting on.  My local one's sales people claimed to know nothing about the CanBus thefts, to which my response was "I find that very hard to believe!" only to be met with a blank stare.  The techs knew all about it.  Trust has been broken but might be restored if the fix details have a shred of truth and are rolled out.  Too much guesswork presently, so "wait and see" is the byword.

Meantime, offers on trade ins are derisory and used RX4 prices are being held high except at non franchised dealerships.  I would have gone to a non franchised dealership had one got the variant in stock that I wanted. As it is, the only variant I want is found at a Lexus dealership who offered me £2,5K less for mine in part-ex than an indy did (I turned down their Takumi as it wasn't what I wanted).  I get the feeling that Lexus are not living in the real world presently.

Link to comment
Share on other sites

The fix will also need to be free of charge, otherwise criminals will still be ripping off bumpers etc in the hope they find a car that has not been upgraded.

8 minutes ago, GSLV6 said:

Time will tell but I get the feeling dealerships know more than they're letting on.

Presumably they are under NDA from Lexus, but crazy Lexus has not given an update if this is the case.

  • Like 1
Link to comment
Share on other sites

It would, as I understand it, be treated as a recall (so FOC) with a nominal sum for fitting (a bit like the plates) but as a recall is technically for safety reasons and this isn't safety related, there's no statutory pressure on them to speed things up.  I agree about the NDA.  I guess they're late with their planned roll out which seems to indicate either procurement or design is late.  The dealer announcement was meant to be from April 2024 and we're a month past that now.

Link to comment
Share on other sites

On 5/19/2024 at 10:58 AM, GSLV6 said:

Well, there may be light at the end of the (long) tunnel...I spoke to Lexus last week and dealerships have been informed there's a software/hardware fix due to be rolled out to all RX4 owners this summer sometime.  It's likely to involve a piggyback retrofit which detects when the CanBus system's been interrupted and a hack attempted, such as disconnecting the headlamp CanBus connector and attempting a hack.  This would initiate a security lockdown unless the key is used, thereby preventing CanBus type thefts.  Time will tell but I get the feeling dealerships know more than they're letting on.  My local one's sales people claimed to know nothing about the CanBus thefts, to which my response was "I find that very hard to believe!" only to be met with a blank stare.  The techs knew all about it.  Trust has been broken but might be restored if the fix details have a shred of truth and are rolled out.  Too much guesswork presently, so "wait and see" is the byword.

Meantime, offers on trade ins are derisory and used RX4 prices are being held high except at non franchised dealerships.  I would have gone to a non franchised dealership had one got the variant in stock that I wanted. As it is, the only variant I want is found at a Lexus dealership who offered me £2,5K less for mine in part-ex than an indy did (I turned down their Takumi as it wasn't what I wanted).  I get the feeling that Lexus are not living in the real world presently.

Yes the dealerships are blanking their customers. Short sighted and then some.  I have taken a huge hit over the last two years - damage from an attempted theft and eyewaterinw insurance costs.  The failure to warn us about the vulnerability and speed of action from Lexus will cost Lexus dear, as will the legal action to recover our loses.

Link to comment
Share on other sites

Let's wait and see.  If nothing is rolled out this year, then my bet is nothing will be rolled out at all.  Lexus UK have been very slow to react and inform customers of something they've known about world wide.  What makes the mind boggle as that some senior design manager in Japan actually signed off on something they would have known was hackable because security systems, including the immobiliser, were not separated from the vehicle operating system wiring.  It wouldn't have cost any more in production on a vehicle to do this, well, very little anyway.

 

They're not the only ones as Land-Rover, Porsche and a fair few others committed the same grave error.  It all points, along with the flood of new Lexus models, to a cheapening of what was once and exclusive brand, supplying impeccably designed and made vehicles.  I remember an ex Jag employee saying that they bought a Lexus and stripped it as they couldn't understand why they (Jaguar) had so many electrical faults when Lexus didn't.  They were astonished to find that all systems wiring that had to be routed through the monocoque structure had bespoke channels pressed into the chassis especially for the wiring to keep it safe from pinching and damage.  That attention to detail at the design stage seems to be lost to a different profit model where electronics are concerned.

 

My RX4 will likely be the last one I ever buy as a result.  I won't fall for the false promise again  of quality when there's clearly such major oversights unless I see they address the vulnerability within the Lexus/Toyota Group.  Makes you think of what else they've cut corners on...leaking roofs for example (via roof rails) and premature wear on some suspension parts.

  • Like 1
Link to comment
Share on other sites

  • 2 weeks later...

It's been months already and honestly this is getting ridiculous.

For me, it's time to make a statement ourselves, otherwise, Lexus might never do anything about it.

Therefore I recommend we all register interest:

https://www.leighday.co.uk/forms/toyota-and-lexus-can-invader-registration-of-interest/

  • Like 2
Link to comment
Share on other sites

  • 3 weeks later...
On 6/6/2024 at 8:41 PM, shadows said:

It's been months already and honestly this is getting ridiculous.

For me, it's time to make a statement ourselves, otherwise, Lexus might never do anything about it.

Therefore I recommend we all register interest:

https://www.leighday.co.uk/forms/toyota-and-lexus-can-invader-registration-of-interest/

I agree, I think Lexus, because there has been very little publicity recently, are hoping the problem will quietly fad away without them having to pay to put the matter right.  

I have registered above, will never buy another Lexus and hope the legal action is long, public and painful for them.  Very much like owners who were promised "Lexus Quality".

Edited by Pinkfish
poor English
Link to comment
Share on other sites


Lexus are probably right it will “go away” in time.

I bought my first Lexus in 1993 and sold my last in 2024.

…. now I’ve “gone away” as well, with Lexus missing out on service revenue, new sale profits, resale profits and finance profits.

  • Like 1
Link to comment
Share on other sites

3 hours ago, Alan305 said:

Lexus are probably right it will “go away” in time.

I bought my first Lexus in 1993 and sold my last in 2024.

…. now I’ve “gone away” as well, with Lexus missing out on service revenue, new sale profits, resale profits and finance profits.

Sadly they don't get. There are lots like us who thought we were buying a premium product from a company we could trust. 

Link to comment
Share on other sites

On 5/19/2024 at 10:58 AM, GSLV6 said:

 

Meantime, offers on trade ins are derisory and used RX4 prices are being held high except at non franchised dealerships.  

Having been considering buying an RX the canbus fiasco has certainly put me off the brand, I was interested in one recently as the alternatives  have different potential issues particularly as a long term ownership prospect . 

 

So,  autotrader has a  Lexus RX 450h 2022 premium pack,  10k miles at a main  dealers at around £37500, tried the part ex trade in price estimator  for that car, looking at a hypothetical PX to an RZ,  Asking price £55K, again at Lexus main dealer,  their best trade in price that they would offer  £28500!  So simply buying the car I'd loose £9k  as I drove off the forecourt.   Makes you think.

  • Like 1
Link to comment
Share on other sites

Maybe we should all email watchdog@bbc.co.uk and let them know that Lexus said they would have fix by the end of April. It's now almost 2 months later and we have heard nothing from Lexus. 

I emailed CR Lexus at the end of April and end of May, and was given a non-committal vague response as to when the security fix would be available. I'll be emailing them again at the end of June, but this time I will be copying in bbc watchdog. 

The service we are getting from Lexus is appalling IMHO. 

  • Like 2
Link to comment
Share on other sites

I agree.  They are also deliberately hiding the canbus security issue on used sales to potential customers and letting them discover it themselves come insurance quote time.  Watchdog or some similar public shaming is overdue on this.

@omegatt It's not jus Lexus, it's Toyota, Porsche, Landrover, Kia, Hyundai and others too.  Hard truth is that luxury and performance cars, plus popular crossover/SUV cars are all targets for theives.

 

I was in your shoes and decided, on balance, that with some additional security, it was still worth sticking with Lexus for the reasons that drew you to them.  You're better selling your car privately and buying a one or two year old RX.  I'd personally avoid electric vehicles until the next generation power source arrives.

  • Like 1
Link to comment
Share on other sites

One final point between 1993 and 2024 quick calculations show I have paid Lexus around £300k in purchases, service, parts, finance and extra warranty. 
 

Sorry Lexus, no more.

Link to comment
Share on other sites

2 hours ago, GSLV6 said:

I agree.  They are also deliberately hiding the canbus security issue on used sales to potential customers and letting them discover it themselves come insurance quote time.  Watchdog or some similar public shaming is overdue on this.

@omegatt It's not jus Lexus, it's Toyota, Porsche, Landrover, Kia, Hyundai and others too.  Hard truth is that luxury and performance cars, plus popular crossover/SUV cars are all targets for theives.

 

I was in your shoes and decided, on balance, that with some additional security, it was still worth sticking with Lexus for the reasons that drew you to them.  You're better selling your car privately and buying a one or two year old RX.  I'd personally avoid electric vehicles until the next generation power source arrives.

Thanks Paul and your probably right,  the attractions of the brand are mostly still intact, though the customer focused approach does seem to have slipped of late.  

Link to comment
Share on other sites

5 hours ago, Alan305 said:

One final point between 1993 and 2024 quick calculations show I have paid Lexus around £300k in purchases, service, parts, finance and extra warranty. 
 

Sorry Lexus, no more.

I am half that, but I feel exactly the same.  Lexus have blown 40 plus years of expensive work establishing the Lexus brand.  Time to sell your Toyota shares I think.  

Link to comment
Share on other sites

  • 5 weeks later...

Well ive trawled through aches of text on this subject but no ones mentioned to new owners what this canbus theft is? Can someone share the basics please. I have a steering lock/bar and can weld up a custom pedal lock too!!

Link to comment
Share on other sites

20 minutes ago, Tom999 said:

Well ive trawled through aches of text on this subject but no ones mentioned to new owners what this canbus theft is? Can someone share the basics please. I have a steering lock/bar and can weld up a custom pedal lock too!!

Have a read here..

https://mag.lexus.co.uk/lexus-uk-statement-on-vehicle-theft/

 

Link to comment
Share on other sites

3 hours ago, Tom999 said:

Well ive trawled through aches of text on this subject but no ones mentioned to new owners what this canbus theft is? Can someone share the basics please. I have a steering lock/bar and can weld up a custom pedal lock too!!

I am sure there is video somewhere in the thread showing exactly what it is. Also really not hard to find with simple google search.

The most basic explanation - CANBUS is the network protocol that is used for your car computers to communicate, you click to unlock the car and smart key module send message to immobiliser to check if code is valid and if yes it opens the doors. Same for starting the car - you press the button necessary computers communicates and validates request and engine starts.

CANBUS theft is when thieves gains access to your CANBUS network, it is literally 2 twisted wires and they can send and intercept messages on that network, so they can send message to car to unlock itself, then another message to start the engine and they can drive off, without any keys etc.

Lexus specifically (Toyota is probably at fault) have made dipshaite stupid mistake (actually 2 horrible mistakes, that only the absolute ape can make) 1. they ran the CANBUS wire to the "Smart Headlight ECU" via easily accessible point just behind the wheel liner... secondly, 2. they did not encrypt CANBUS messages at all... so any damn child can literally pull the wire by hand, cut it, connect it to some sort of pre-programmed device and just drive-off. I am being very critical of Toyota engineering here, but I can't overstate how bad of the mistake it is, thieves probably could not believe their luck when they realised how easy it is to beat the system. 

As for your steering locks - I reckon they are good visual deterrent, but they also take literally seconds to defeat.

I would say additional immobiliser and tracker is probably more useful and complete defence. Leave the steering lock in place, it may deter less committed thieves and they move on looking at easier target, but if they really want your car nothing will really stop them.    

Link to comment
Share on other sites

Latest Deals

Lexus Official Store for genuine Lexus parts & accessories

Disclaimer: As the club is an eBay Partner, The club may be compensated if you make a purchase via eBay links

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share







Lexus Owners Club Powered by Invision Community


eBay Disclosure: As the club is an eBay Partner, the club may earn commision if you make a purchase via the clubs eBay links.

DISCLAIMER: Lexusownersclub.co.uk is an independent Lexus forum for owners of Lexus vehicles. The club is not part of Lexus UK nor affiliated with or endorsed by Lexus UK in any way. The material contained in the forums is submitted by the general public and is NOT endorsed by Lexus Owners Club, ACI LTD, Lexus UK or Toyota Motor Corporation. The official Lexus website can be found at http://www.lexus.co.uk
×
  • Create New...