|
|
Post by unclebob on Feb 3, 2024 9:38:12 GMT
|
|
|
|
Post by philip42h on Feb 3, 2024 11:24:44 GMT
Arguably nothing to do with "Hybrid, EV, PHEV - The 'Alternative Fuel' SUVs" but a 'feature' of modern cars with keyless entry and start systems ... With such systems, rather than have a key turn a lock an electronic 'key present' signal is used to unlock the car and permit the engine to start. There are two 'common' forms of attack against such systems: - Relay attack - where a pair of thieves use two electronic devices to capture and relay the signal from the key to the car. One device needs to be positioned reasonably close to the key to capture the signal. This then relays the signal to the second device which in turn plays it back to the car. Protection for earlier keys can be provided by a Faraday pouch (or metal box). Later keys are fitted with a movement sensor so they simply 'go to sleep' after a few minutes and no longer transmit any signal to be captured.
- CANbus attack - where an electronic device is use to present a spoof 'key present' signal onto the CANbus. Devices on the CANbus then accept this as a real signal to unlock the doors and allow the car to be started.
In hindsight it was pretty 'dumb' of manufacturers to design systems that are vulnerable to the CANbus attack, but, I guess, the assumption was made that the CANbus is wholly contained within the car and cannot be accessed from outside when the car is locked. And that was certainly mostly true in the early days of CANbus systems, but with increasing automation and intelligence being added to modern cars the CANbus is getting closer and closer to the 'edge'.
The specific issue with the RAV4.5 is around the headlights - either automatic lights when dusk falls or automatic high beam. Signals to control the 'intelligent' headlight units are sent via CANbus wiring. Thieves can thus access the CANbus wiring via the headlight wiring - accessible on the near side either via the bumper (pull it out and ...) or via the wheel arch liner (again, pull it out to access the wiring).
For newer models, Toyota have changed the CANbus signalling to prevent this attack. For existing models they have produced a 'protection plate' that can be fixed so as to deny access to the CANbus wiring at the headlights. (The other obvious mitigation is to fit a steering lock or electronic immobiliser.)
<insert wry smiley emoticon here>
|
|
|
|
Post by unclebob on Feb 3, 2024 11:38:06 GMT
On the Lexus forum the ES300h are getting stolen daily and believe they share the same CANbus system . Many owners contacted Lexus for comment…told it’s an isolated incident !!
|
|
|
|
Post by charliefarlie on Feb 3, 2024 11:44:16 GMT
I read on another forum that insurers are loading premiums or even refusing to quote for vehicles with keyless…. Any excuse to raise premiums will do….
|
|
|
|
Post by unclebob on Feb 3, 2024 11:51:04 GMT
Read a topic the other day , insurance companies are refusing to cover Electric & EV’s due to repair costs.
|
|
|
|
Post by firemac on Feb 3, 2024 14:44:12 GMT
……n hindsight it was pretty 'dumb' of manufacturers to design systems that are vulnerable to the CANbus attack,……> [/span][/div] [/quote] Not to mention spending a small fortune creating keyless entry/ignition: an answer to a question that nobody asked. 😡 |
|
|
|
Post by philip42h on Feb 4, 2024 13:31:40 GMT
... in hindsight it was pretty 'dumb' of manufacturers to design systems that are vulnerable to the CANbus attack … Not to mention spending a small fortune creating keyless entry/ignition: an answer to a question that nobody asked. 😡 I agree entirely - the simple 'solution' is to bring back the key! But I do like the convenience of keyless entry - I'm less bothered about keyless start. Reading the forums though, it is quite amazing what now appears to be regarded as essential features in a modern car ... ! Wireless AA & ACP, digital rear view mirror, head-up display, etc. ... |
|
|
|
Post by unclebob on Feb 4, 2024 14:06:35 GMT
Not to mention spending a small fortune creating keyless entry/ignition: an answer to a question that nobody asked. 😡 I agree entirely - the simple 'solution' is to bring back the key! But I do like the convenience of keyless entry - I'm less bothered about keyless start. Reading the forums though, it is quite amazing what now appears to be regarded as essential features in a modern car ... ! Wireless AA & ACP, digital rear view mirror, head-up display, etc. ... It makes sense for Insurance companies to discuss with government and manufacturers that the key has to come back . well unless insurance companies are doing very nicely out of expensive premiums for high risk cars 🤔 |
|
|
|
Post by firemac on Feb 4, 2024 16:41:15 GMT
I agree entirely - the simple 'solution' is to bring back the key! But I do like the convenience of keyless entry - I'm less bothered about keyless start. Reading the forums though, it is quite amazing what now appears to be regarded as essential features in a modern car ... ! Wireless AA & ACP, digital rear view mirror, head-up display, etc. ... It makes sense for Insurance companies to discuss with government and manufacturers that the key has to come back . well unless insurance companies are doing very nicely out of expensive premiums for high risk cars 🤔 I’d guess that they’re doing very nicely. The slightest bump or damage affecting any of those pointless electronics and the car is uneconomic to repair. Hence it gets written off, the insurance company pays out at the lowest value they can get away with then flog the wreckage at a ridiculous price into the second hand trade where it will be put back on the road or broken at significant return on spares. Minimal admin, little or no lawyers cost, maximum return. The barstools are laughing all the way to the bank. 😡 |
|
|
|
Post by charliefarlie on Feb 6, 2024 12:53:15 GMT
Does this hopeless keyless kit affect the earlier cars IE my 2013 ??
|
|
|
|
Post by firemac on Feb 6, 2024 13:29:55 GMT
Does this hopeless keyless kit affect the earlier cars IE my 2013 ?? I wouldn’t pretend to know the technical ins and outs but I would guess that if you have keyless entry and start then there’s going to be the same sort of risk to things like relay theft (where a thief uses a scanner outside the property where the keys are kept to replicate the security codes and therefore be able to start the car) but you can prevent this by keeping your keys in a Faraday pouch or a metal box. I’m not aware that the 4.3 or 4.4 have the CANbus issue that the 4.5 suffers from. If I’m wrong someone more knowledgeable will comment. 😊😊 |
|
|
|
Post by philip42h on Feb 6, 2024 15:40:32 GMT
Does this hopeless keyless kit affect the earlier cars IE my 2013 ?? I wouldn’t pretend to know the technical ins and outs but I would guess that if you have keyless entry and start then there’s going to be the same sort of risk to things like relay theft (where a thief uses a scanner outside the property where the keys are kept to replicate the security codes and therefore be able to start the car) but you can prevent this by keeping your keys in a Faraday pouch or a metal box. I’m not aware that the 4.3 or 4.4 have the CANbus issue that the 4.5 suffers from. If I’m wrong someone more knowledgeable will comment. 😊😊 I'm certainly no more knowledgeable, but I'll comment anyway ... 😊 My 2013 4.4 had a key that I had to insert into the ignition and turn to start the car. If Charlie's has keyless start - i.e. the key simply has to be inside the car somewhere when you push the button to start - then I'd be pretty certain that it uses CANbus signalling and would, potentially, be susceptible to 'key present' spoofing. The CANbus has been around and in use for decades. So, if some ne'er-do-well could access your CANbus with the right wrong kit they could nick your car. BUT, I'm equally certain that the CANbus in a 2013 RAV4 Invincible isn't readily accessible from outside the car so the exploit that receives so much publicity just isn't on. That said, if they can get inside your car, the CANbus most certainly is accessible via the OBD2 port - so keep the car locked when not in use! If they were to force entry, the alarm would sound. The other interesting feature of the 4.5 "access via the nearside headlight" method is that the alarm doesn't sound before they inject the 'key present' signal - and then it wouldn't sound anyway. |
|
|
|
Post by kingo on Feb 29, 2024 16:26:01 GMT
Not to mention spending a small fortune creating keyless entry/ignition: an answer to a question that nobody asked. 😡 Reading the forums though, it is quite amazing what now appears to be regarded as essential features in a modern car ... ! Wireless AA & ACP, digital rear view mirror, head-up display, etc. ... It must be my age, but it boils my p**s when rude people come marching in demanding you drop everything because their sat nav or whatever is not working as they would expect, which usually means they have no idea what the are doing! Or the endless calls for TPMS lights on, have you checked your tyre pressures? No I had it serviced only 11 months ago. It's a good job I'm retiring I think 🤦♂️😂 The entitlement of some people........... |
|
|
|
Post by charliefarlie on Feb 29, 2024 17:42:03 GMT
Reading the forums though, it is quite amazing what now appears to be regarded as essential features in a modern car ... ! Wireless AA & ACP, digital rear view mirror, head-up display, etc. ... It must be my age, but it boils my p**s when rude people come marching in demanding you drop everything because their sat nav or whatever is not working as they would expect, which usually means they have no idea what the are doing! Or the endless calls for TPMS lights on, have you checked your tyre pressures? No I had it serviced only 11 months ago. It's a good job I'm retiring I think 🤦♂️😂 The entitlement of some people........... Even though I’m retired I still encounter clowns associated with my work. During last summer I did a report on a very expensive new build house that belongs to a friend from the village. I did a five page report highlighting every fault whether minor or otherwise.. That report was used to force the builder to erect scaffolding to the entire house and have the roof stripped off in its entirety and redone. I wrote the specification for every aspect of the roof and even carried out the risk assessments. Today I was back at that house and inspected it via a very large cherry picker. The roof has been done again but none of the written specifications have been adhered too. Not one tile I tried has been nailed. The batten spacing too wide. No eaves trays or eaves protection felt used. The mortar used is very weak and falling out in short it’s worse than before. Obviously no qualified personal worked on it. Every aspect of life just gets more and more difficult. Even little jobs like that blooming brake pipe no one wants to know. Little jobs to me years ago were used to fill in time spaces and I charged premium rates to do them. Every hour every job had a profit margin. As more of us retire there’s no credible people behind us. We live in a world now where no young people want to learn a trade. After umpteen years at uni they want to be lawyers or accountants etc. The thing that will turn it around though is AI. It’s widely predicted that millions of jobs done by bodies behind desks will be made redundant by AI….The only safe jobs are manual and skilled people…. The world has gone mad. |
|
ravjeff
Club Regular
Posts: 754
Location: New Zealand
Primary Vehicle: RAV4
Model Spec/Trim: GLX
Engine Capacity: 2.5L
Fuel Type: Petrol
Transmission: Automatic
Drive Type: 4WD/AWD
|
Post by ravjeff on Mar 10, 2024 2:51:51 GMT
Got a spare £15,000? Never get locked out of ANY car ever again.
Range Rovers are so easy to steal even JLR won't cover them for insurance.
|
|
