2022 RAV4 stolen

[Yorkboy]

30 minutes ago, tfc said:

Guy is it possible to fit a door switch to the liner so if it is disturbed the alarm will go off, it should be easy to fit just need a wire from a existing alarm wire maybe one for the bonnet thats if the bonnet is alarmed up. 

That seems an excellent idea👍

[Yugguy1970]

1 hour ago, tfc said:

Guy is it possible to fit a door switch to the liner so if it is disturbed the alarm will go off, it should be easy to fit just need a wire from a existing alarm wire maybe one for the bonnet thats if the bonnet is alarmed up. 

Aye, I would imagine so.  There's plenty of spots you could choose.

[tfc]

9 hours ago, tfc said:

 

Philip has soon as the wheels starts rotating it would start to charge and when I stop at traffic lights or a junction it would stop charging after about 2 or 3 secs or if its parked up in park it wouldn't charge at all

When it first came to light was when I was stopped at a junction first thing in the morning rush hour at the top of our street trying to get out onto the main road and that is when the car shut down and what you are seeing in that video. I was able to use the car for a week only short trips until the installer could get back to remove it but had to keep a eye on the battery levels, I tried to regen as much as possible. The canbus side is only one part of the installation but I will not reveal where else it connects to as they told me not to reveal it.

I must of spent a full day in total trying to find answers, watched a shed load of YT videos trying to find if anyone else has had this problem. At first they said the G2 was not at fault so being non the wiser.

I went to Toyota to book it in and showed them the video on my phone so got a booking for the 25th I didnt tell them I had a G2 fitted, anyway when I got home it had me thinking so I rung Toyota UK and asked the question if it would invalidate the warranty and they said no but if it deems that the G2 has caused a problem it 'may' void the warranty so with this I asked the G2 to be removed for a tidy some of £180, so had it removed and everything is back to normal and cancelled the workshop visit, and now in the process of a full refund plus the £180. With them refunding the £180 seems they know the G2 is at fault

Well finally got the full refund back into my account this evening , now I need to find another installer who as done one of these.

[Talshia]

On 3/29/2023 at 12:30 PM, Yugguy1970 said:

When I took the wheel arch liner out partially, to change the fog bulbs, I think I saw the connector that they target.

If it was that, that is REALLY crap design by Toyota, it's just hanging there ready to be plugged into.  Really bad.  Even if you boxed-in the socket somehow, there are accessible wires.

What about wrapping the connector with Duct Tape and grease, may slow them down enough to try somewhere else.

Presumably they have some kind of PLUG connector and do not actually cut and identify the individual cables

 

Paul

[Yugguy1970]

Yeah you could, trouble is unless you have a sticker saying "hey scrotes, my port is covered", you've still got a damaged car.

 

[displaced]

8 minutes ago, Yugguy1970 said:

unless you have a sticker

Plenty surface on the panel for such a sticker. Could probably get one made on Etsy.

"Live, laugh, love, leave my car alone"

[Yugguy1970]

4 hours ago, displaced said:

Plenty surface on the panel for such a sticker. Could probably get one made on Etsy.

"Live, laugh, love, leave my car alone"

https://www.youtube.com/watch?v=khLRjyJ_Ymo

[Sam.uk]

Hi everyone. 

My brand new Rav4 Excel will be ready to collect in the next few weeks . Is a 2023 model is still can be stolen easily? 

[ernieb]

The OBD port access is via the near side front wheel, connecting to the side lights. Don’t believe that the design has been changed so it’s probably just as vulnerable. 
Buy a steering wheel lock, I bought a Milenco version, solid and very visible. It at least offers some resistance and is very visual.

[FROSTYBALLS]

Topics merged.

[Strangely Brown]

Am I alone in considering it strange that D Buck has not been back since his original and only post?

Just wondering.

[NASY]

Hoax?

[Dippy]

1 hour ago, Strangely Brown said:

Am I alone in considering it strange that D Buck has not been back since his original and only post?

Just wondering.

Could be dealing with the mess of having stuff stolen? Could be on 8 other forums, spreading the word to maximize chances of it being found?

[Strangely Brown]

2 hours ago, NASY said:

Hoax?

There is something about it that just doesn't seem right.

"... not to  bothered about the car it was the fact that a lot of my stuff was in the boot things like certificates, aftershaves and other valuables. If anyone spots a car of this kind please get in touch"

Concerned about aftershaves more than the car?

 

48 minutes ago, Dippy said:

Could be dealing with the mess of having stuff stolen? Could be on 8 other forums, spreading the word to maximize chances of it being found?

Quite possibly. Just seems odd that he has only 1 post.

Anyway, if it is a hoax post then I don't see what there is to gain by it. Probably just me being overly cynical.

[Strangely Brown]

A couple of articles popped up in my news feed today. Both telling roughly the same story but with some different levels of detail. Much more information that previously known and very interesting for those of a technical persuasion.

https://www.thedrive.com/news/shadetree-hackers-are-stealing-cars-by-injecting-code-into-headlight-wiring

https://arstechnica.com/information-technology/2023/04/crooks-are-stealing-cars-using-previously-unknown-keyless-can-injection-attacks/

 

[ColinB]

46 minutes ago, Strangely Brown said:

A couple of articles popped up in my news feed today. Both telling roughly the same story but with some different levels of detail. Much more information that previously known and very interesting for those of a technical persuasion.

https://www.thedrive.com/news/shadetree-hackers-are-stealing-cars-by-injecting-code-into-headlight-wiring

https://arstechnica.com/information-technology/2023/04/crooks-are-stealing-cars-using-previously-unknown-keyless-can-injection-attacks/

 

Very scary, so easy for thieves to do. How long will it be before Toyota do something to prevent this from happening (although it sounds as if other marques are also affected). In the meantime I use my Stoplock when parked overnight.

[philip42h]

There's nothing particularly 'new' here - if you've read this thread and avoided the distractions we have known of this particular CAN bus attack for quite a while now, but these articles do confirm the approach.

I don't think it is correct to describe such thefts as simple or easy ...

We know that with access to the CAN bus and appropriate technology it is possible to send spoofed signals to indicate 'key present' etc. so that the car can be stolen without being in possession of the key.

Unfortunately, it is not too difficult to gain access to the RAV4.5 wiring via the nearside headlamp connector. And I suspect at least 50% of forum members could accomplish that part of the attack - although it is clear that some of the would-be thieves need a couple of attempts to get this bit done.

But then you need the technical kit and/or the knowledge to construct that kit. I'm sure that is available via the dark web (I haven't looked) but I suspect that less than 1% of our number would have access to the necessary technology. So not so 'simple' or 'easy' as all that ...

In contrast, quite a few years back a colleague and I managed to lock ourselves out of our American hire car. It took our US colleagues less than a minute to gain access and get us on our way again. That was both simple and easy - and apparently very well known.

That's no excuse for Toyota to have left this vulnerability in the first place, nor for them not to work up a defence, but we do need to maintain a sense of proportion (and, perhaps, a brightly coloured Stoplock) in the meantime ... 😉

[tfc]

Problem is the toe rags that steal our vehicle are not opportunist so if they mark a vehicle they want they most likely come tooled up to cut any locks off in about 1 minute, even if Toyota moved the wiring or made it inaccessible there is other options already available for them to nick it. These are organised gangs that steal vehicles to order.

You need a good tracker that is monitored 24/7,   independent alarm and immobiliser or the simplest wire in a fuel pump switch. 

There's  a lot more expensive and exotic vehicle that get nicked and their manufacturers have no answer to stop it.

[Strangely Brown]

24 minutes ago, tfc said:

Problem is the toe rags that steal our vehicle are not opportunist so if they mark a vehicle they want they most likely come tooled up to cut any locks off in about 1 minute, even if Toyota moved the wiring or made it inaccessible there is other options already available for them to nick it. These are organised gangs that steal vehicles to order.

You need a good tracker that is monitored 24/7,   independent alarm and immobiliser or the simplest wire in a fuel pump switch. 

There's  a lot more expensive and exotic vehicle that get nicked and their manufacturers have no answer to stop it.

Much earlier in this thread I posted a group test of steering wheel locks. The best two resisted all attempts by the tester to remove them in any time that a would be thief would be prepared to spend. The process also required tools that were very noisy and would certainly draw attention. It is also true that some of the tested locks were defeated in no time at all so the advice must be only buy the best and avoid false economy.

A tracker might help you recover the car but then what you have is a damaged car that will cost the insurance company a lot of money to fix, if they agree. Do you really want it back once it is taken?

An immobiliser might prevent them driving away but the car is still damaged by the break-in. The fuel pump switch will not help in a Hybrid as the thief will drive away on Battery power and much further in a Plug-In.

It does seem to be an industry wide problem and I guess other makes/models maybe don't have the CAN wiring quite so easily accessibly from outside the car.

Whatever technical solution (e.g. encrypted CAN comms) Toyota may come up with in the future to combat this problem I fear that it may not be possible to retro-fit to our existing vehicles. If they come up with something physical to prevent access to parts of the CAN wiring then that may well work but you're back to the damaged car again until such times as the word spreads that RAV4s are no longer easily nickable.

In the meantime a visible deterrent that tells the thief it's not going to be as easy as they thought and that they should move on and try a different car is the best option available. IMHO.

 

[tfc]

Slipped my mind about plugin hybrid, I don't think they'll be to bothered about making noise, blimey you just have to look at cat converters thieves in Broad daylight in car parks or at the side of the road. Your right about drawing attention to themselves but if that's the vehicle they have been told to nick they will take it.

Have you noticed on these yt videos they know exactly where the car is , a couple will walk up to the house on foot , they disarm it and another cars comes and picks one of them up

Had a read of the tests you put up, It wouldn't say what he was using but 5 mins plus is a joke to remove the disklok. 

 

[Strangely Brown]

1 hour ago, tfc said:

Had a read of the tests you put up, It wouldn't say what he was using but 5 mins plus is a joke to remove the disklok. 

You are correct. It did not specify exactly which tools the tester was using but there is no way that he would be able to cut or drill the steel from which the better locks are made without using power tools. That's noisy, especially at night. Even cutting the steering wheel itself takes time since in order to remove the Stoplock Pro it requires at least three cuts. Then of course the car will require a new steering wheel if anyone wants to use it later.

I am quite confident that the thieves want to be in and away in the minimum time and with the minimum of resistance. To that end I am happy that the bright yellow shaft of the Stoplock is sufficient to make someone move on to an easier target.

My biggest worry is that insurance companies may refuse cover on the cars in future. If they refuse theft cover I could live with that and carry that risk myself. Unfortunately I do not know of such a policy.

[flash22]

From last year but a bit more in depth

https://kentindell.github.io/2023/04/03/can-injection/

[kucyk]

Reportedly, the CAN bus attack doesn't work in newer Toyota/Lexus cars including RAV4 Plug-in (+2022 LX, +2022 NX, +2023 RX, +2022 Yaris, bZ4X and probably more). According to OpenPilot, they are using AutoSAR SecOC that is providing a cryptographic signing for CAN bus communication, so it's not possible to inject fake CAN messages used to open and start the car in the current theft method.

[Vainona70]

In the Daily Telegraph today:

Thieves are hacking into cars through their headlights, experts warn

£2,000 device can be used to unlock luxury vehicles

By Gareth Corfield

9 April 2023 • 2:55pm

Thieves are breaking into cars through their headlights using a device that costs just £2,000, motorists have been warned.

Automotive security experts Ian Tabor and Ken Tindell said that hackers are ripping off bumpers and headlights to gain access to wiring, allowing them to plug in widely available electronics used to hack cars’ internal computer networks.

Once connected, the devices automatically disable engine immobilisers and can be used to open windows or even activate door locks, the experts said.

Such hacking devices can be bought online for prices ranging between three and four figures, according to Mr Tabor and Mr Tindell.

Illicit vendors selling these devices claim they give instant access to high-value cars including Ferraris, Rolls-Royces, Lamborghinis and more.

The Telegraph has been shown websites in European countries that offer the devices for sale.

Mr Tabor made a test purchase of a device similar to one he believes was used to steal his Toyota RAV4 last year and reverse-engineered it.

He said the process took around 30 seconds from start to finish, adding: “Plug the thing in. The engine starts making whirring noises as it disarms the immobiliser.

"Press another button, the doors unlock, and then the thieves can get in and go."

The car expert said the hacking device was designed to be plugged into a socket typically concealed underneath a car’s headlights or bumpers.

From there the device accesses the vehicle’s CAN bus, an internal computer network used to control its sensors and systems.

A Toyota spokesman said: “While it is, unfortunately, very difficult for any auto manufacturer to completely eliminate the risk from people and organisations acting with criminal intent, we regularly collaborate and share information with insurance associations and police authorities throughout the world to help reduce this risk.”

[Strangely Brown]

3 hours ago, kucyk said:

Reportedly, the CAN bus attack doesn't work in newer Toyota/Lexus cars including RAV4 Plug-in (+2022 LX, +2022 NX, +2023 RX, +2022 Yaris, bZ4X and probably more). According to OpenPilot, they are using AutoSAR SecOC that is providing a cryptographic signing for CAN bus communication, so it's not possible to inject fake CAN messages used to open and start the car in the current theft method.

That encouraging to hear, but is it true? I think it odd that the HEV and PHEV would use different CANbus communications.