Jump to content
Do Not Sell My Personal Information


2022 RAV4 stolen


atartan
 Share

Recommended Posts

18 minutes ago, TonyHSD said:

Now a good idea for production of metal arch plates that can be installed on that place to stop thieves getting into the cables. 

or just razor blades if you want to see a scumbag bleeding next to your car.

  • Like 1
  • Haha 2
Link to comment
Share on other sites


I don't know much about CAN bus network but IP networks in computing uses tcp/ip protocol and it has no built in security (at least for IPv4). That does not necessarily mean we should stop using tcp/ip protocol , all the internet is built on these protocols. Instead of ditching the protocol , they have implemented secure protocols to ensure that communication is secured using upper layer protocols e.g ssl / ipsec  and they work very well. ( encryption length keep increasing or new algorithms keep updating to make more secure but it is getting harder and harder to break into IT systems). 

Just googling 5mins shows up many published papers from 5 years ago vulnerabilities of the CAN protocol. If the car industry chose not the address these , it is their mistake and they should be responsible for this. If they don't want to invest in security , they should tell their customers or They should go back to simple hardware keys. Who would get an online bank account if they knew their 40K saving could be easily  taken away in 90 seconds and banks told them this is normal. There is still online hacking but banks and software companies really quick to address these with their patches.

If they also want the cars to connect each other to communicate or autonomous driving to be successful , they will have to invest in more software / hardware security. This is a must, lives would be at stake.

I am sure they will move to the Ethernet (IP) networks , I wish they implemented that from the start.

  • Like 2
Link to comment
Share on other sites

A few years ago I had my Passat broken into and the infotainment system stolen. The police said ‘ off the record’ VW’s used a chip that was also used in home made satellite systems for international TV reception so certain ethnic communities could watch their homeland TV free of cost. Given this was pre Covid due to the extent of thefts the replacement infotainment systems were on 6 months back log. Is that VW’s fault? It was simply bad luck for me and yes it cost my no claims but there wasn’t any discussion about a DIY or cheap repair. Sorry OP for your plight and understand how stressful and frustrating such an incident is but to blame Toyota and then look for a cheap repair on a £40k car I think is bonkers. I personally wouldn’t knowingly touch such a used car with a barge pole and I think the risk to loss of warranty and all the other issues highlighted are simply not worth it. I suspect you might have problems selling or trading in a car with unapproved repairs. Good luck. 

  • Like 5
Link to comment
Share on other sites

Looking at the pictures and reading though the thread, the infotainment system was removed but not taken, the satellite cable trashed at both ends, and the car taken and then parked and left.

This looks as if they knew about the cars location system and were seeing if it would still work with the components removed, if it had not been moved, they would come back and finished what they started.

While this is of no comfort to the owner at least it may put some of them off taking new Rav’s hopefully.

  • Like 5
Link to comment
Share on other sites

1 hour ago, Flatcoat said:

A few years ago I had my Passat broken into and the infotainment system stolen. The police said ‘ off the record’ VW’s used a chip that was also used in home made satellite systems for international TV reception so certain ethnic communities could watch their homeland TV free of cost. Given this was pre Covid due to the extent of thefts the replacement infotainment systems were on 6 months back log. Is that VW’s fault? It was simply bad luck for me and yes it cost my no claims but there wasn’t any discussion about a DIY or cheap repair. Sorry OP for your plight and understand how stressful and frustrating such an incident is but to blame Toyota and then look for a cheap repair on a £40k car I think is bonkers. I personally wouldn’t knowingly touch such a used car with a barge pole and I think the risk to loss of warranty and all the other issues highlighted are simply not worth it. I suspect you might have problems selling or trading in a car with unapproved repairs. Good luck. 

Maybe I could not explain myself well. I am talking about an insecure computer part / protocol that was used by Toyota and how easily a connector can be accessed by just removing a plastic arch in 2mins. These are design issues or lack of testing etc. No car should be stolen in 2mins and driven away. This has nothing in common with VW using a valuable part in their cars.

I posted this article before .. If car companies want to fix a security issue they can.. https://www.carscoops.com/2022/09/hyundai-responds-to-concerns-over-dramatic-surge-in-car-thefts-prepares-new-security-kit/

I have also already contacted my insurance and arranged the repair. I had no intention of fixing it myself. My issue is Toyota asked £6000 to replace a working head-unit and connect a head-light that disconnected (which they already fixed when they were inspecting the car).  They were asking £800 to connect the head-light. Maybe I am too old or lost track of the cost of hourly work garages charge ? is it £800 for 15 mins ?

  • Like 5
Link to comment
Share on other sites


58 minutes ago, Roger_N said:

Looking at the pictures and reading though the thread, the infotainment system was removed but not taken, the satellite cable trashed at both ends, and the car taken and then parked and left.

This looks as if they knew about the cars location system and were seeing if it would still work with the components removed, if it had not been moved, they would come back and finished what they started.

While this is of no comfort to the owner at least it may put some of them off taking new Rav’s hopefully.

This is what we thought as well. MyT was showing the car was parked at a garage and we walked in and asked if we could inspect the shop. The guy said before doing that just go to next street and look for it. He sounded like he knew the location of the car. We told police that the garage maybe involved but Police closed the case with no action.. Whether  the garage involved or not .. I am certainly sure that they wanted to come and finish the work later as there was nearly no damage to the car at all.

if I knew the RAV4 can be stolen in 90seconds with little effort , I would not have bought the car.

  • Like 3
Link to comment
Share on other sites

Not sure if this is feasible but I am aware of starting problems when the 12V Battery (the one that controls all the cars computer functions) is flat. Therefore if this were disconnected would this prevent thieves accessing the CAN bus and opening the car?

  • Like 4
Link to comment
Share on other sites

41 minutes ago, srt said:

Not sure if this is feasible but I am aware of starting problems when the 12V battery (the one that controls all the cars computer functions) is flat. Therefore if this were disconnected would this prevent thieves accessing the CAN bus and opening the car?

Good thinking SRT, if this worked all it would take is a disconnect switch located somewhere 👍

You could maybe sell this idea to Toyota 😀

  • Like 1
  • Haha 1
Link to comment
Share on other sites

1 hour ago, Hybrid21 said:

Good thinking SRT, if this worked all it would take is a disconnect switch located somewhere 👍

You could maybe sell this idea to Toyota 😀

Other than the car won't start, I don't know if any other issues are created by disabling/isolating the 12V.

Perhaps others can advise.

I'm sure isolation could be easily achieved with a remote controlled relay switch.

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

7 minutes ago, srt said:

Other than the car won't start, I don't know if any other issues are created by disabling/isolating the 12V.

Perhaps others can advise.

I'm sure isolation could be easily achieved with a remote controlled relay switch.

There may be a circuit you could protect but I don't think completely removing to 12v supply would be practical. No of the remote systems would work and all the memory in the ECU, information system, etc., would be lost. 

I was thinking the PHEV already has a high tech security system installed! If the barn door (charging port flap) isn't closed properly, the car won't go into ready mode (to stop you driving off with the cable attached). You could leave the door slightly ajar and the car won't start. It won't take them long to see the warning message on the MID but at least they would have to get out and faff with it so it would slow them down. 

If anyone wanted to take it further, a secret switch somewhere on this interlock circuit would slow them down even more, hopefully to the point of giving up.

  • Like 1
Link to comment
Share on other sites

27 minutes ago, srt said:

Other than the car won't start, I don't know if any other issues are created by disabling/isolating the 12V.

Perhaps others can advise.

I'm sure isolation could be easily achieved with a remote controlled relay switch.

I don't know if there is one but there is already kill switch for fuel-pump, engine , fuze etc for other cars. Not sure if  they will fit RAV4.

 

I have been looking the Ghost Alarm it seems to be protecting the car using the CAN-Bus, I wonder if this would stop thieves using the head-light socket.

  • Like 1
Link to comment
Share on other sites

20 hours ago, duncerduncs said:

The criminals don't access the ignition from the headlights.

They use the connection to release the doors and then use the OBD port to start the vehicle. 

You can buy OBD locks to secure the port.

Everything is at the headlight, power and Can Bus - once you have access to the can bus you can send the commands - the wonders of intelligent connected cars - the obd2 port is just another access point

  • Like 2
Link to comment
Share on other sites

27 minutes ago, atartan said:

I have been looking the Ghost Alarm it seems to be protecting the car using the CAN-Bus, I wonder if this would stop thieves using the head-light socket.

You could always contact Autowatch directly & ask them if the Ghost will protect against CAN invader attacks on Toyota / Lexus vehicles.

  • Like 1
Link to comment
Share on other sites

The Toyota / Lexus cars are on the list of approved models. It’s looks interesting but I see that in the service or valet mode the car is limited to 36mph. All very well and good but if it’s driven at a higher speed say during a service run then when the car is stopped the engine will nit start and must be ‘woken up’ using the PIN code. My experience is that most service techs would never stick to under 36mph so you’d have to communicate the PIN or be there to restart the car?

  • Like 2
Link to comment
Share on other sites


5 minutes ago, ernieb said:

The Toyota / Lexus cars are on the list of approved models. It’s looks interesting but I see that in the service or valet mode the car is limited to 36mph. All very well and good but if it’s driven at a higher speed say during a service run then when the car is stopped the engine will nit start and must be ‘woken up’ using the PIN code. My experience is that most service techs would never stick to under 36mph so you’d have to communicate the PIN or be there to restart the car?

I guess you can always change the pin after if you gave it to someone. or setup a temp pin for the service.

  • Like 1
Link to comment
Share on other sites

24 minutes ago, forkingabout said:

You could always contact Autowatch directly & ask them if the Ghost will protect against CAN invader attacks on Toyota / Lexus vehicles.

I have already asked them, waiting their response.

  • Like 1
  • Thanks 2
Link to comment
Share on other sites

Just now, atartan said:

I guess you can always change the pin after if you gave it to someone. or setup a temp pin for the service.

A previous Peugeot I owned had the PSA pin code immobiliser fitted.

A second 4 digit service pin code could be set by the owner which allowed a mechanic / garage / friend to start the vehicle only - not gain access to the owners original pin code or change any system settings.

To erase the service pin code from the system all the owner had to do was enter there own pin code.

  • Like 1
Link to comment
Share on other sites

20 minutes ago, forkingabout said:

A previous Peugeot I owned had the PSA pin code immobiliser fitted.

A second 4 digit service pin code could be set by the owner which allowed a mechanic / garage / friend to start the vehicle only - not gain access to the owners original pin code or change any system settings.

To erase the service pin code from the system all the owner had to do was enter there own pin code.

Sounds good.

Link to comment
Share on other sites

22 minutes ago, ernieb said:

Sounds good.

It was very good if you changed the factory default pin code but lazy owners & motoring press hated it so it got dropped for a transponder key system. 

Link to comment
Share on other sites

That reminds me of this guy who had an import JDM car; I can't remember if it was a subaru or some sort of skyline gtr, but apparently they were really easy to steal so a lot of owners had aftermarket PIN code systems installed into it, which this one came with. Apparently it was the bane of his life as it would often take multiple attempts of entering the code to get it to start :laugh: 

I think he eventually managed to find someone who could remove the whole system, but because of the way it had been spliced in, removing it was apparently very difficult and required a few return visits due to weird glitches stemming from it being removed but not all the wiring being fixed to how it should have been...!

 

Traditionally, people fit isolators to cut power to the fuel pump, not the whole 12v system.

I'm not sure how you would do it with a hybrid since that doesn't need a running fuel pump to switch on; Maybe isolate power to the fuel pump and contactors? But that might throw all sorts of scary Hybrid System Malfunction! codes if you forgot to turn off the isolator and tried to start it...!

  • Like 1
Link to comment
Share on other sites

Years back I had a Pug 406 that had a number pad, you had to enter a pin to start the car.

  • Like 1
Link to comment
Share on other sites

The problem is all systems can be bypassed if there is physical access to them; Like with the fuel-pump isolation, a canny thief can just connect a jumper cable from the fuel pump to the Battery directly to power it and the car would work again!

Link to comment
Share on other sites

25 minutes ago, Yugguy1970 said:

Years back I had a Pug 406 that had a number pad, you had to enter a pin to start the car.

I also had one of those ( for 6 months - worse car I've ever owned so far )

The RF remote keys could be programmed to auto enter your pin code & unlock the keypad for 30 seconds.

The infra red key fobs couldn't. 

  • Like 1
Link to comment
Share on other sites

Just remove the rotor arm on the distributor on your Alvis while parked outside the RAC club on the mall to have lunch.

Might be a good idea to wrap it in your Turnbull and Asser kerchief though to prevent unwanted stains in pockets.

I might be a little behind the times on this one however.

 

 

  • Like 2
  • Haha 2
Link to comment
Share on other sites

17 minutes ago, Cyker said:

The problem is all systems can be bypassed if there is physical access to them; Like with the fuel-pump isolation, a canny thief can just connect a jumper cable from the fuel pump to the battery directly to power it and the car would work again!

There is an easy way to beat / factory reset the PSA keypad but it takes a while - it's not a viable theft method.

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share






×
×
  • Create New...




Forums


News


Membership