Jump to content
Do Not Sell My Personal Information


  • Join Toyota Owners Club

    Join Europe's Largest Toyota Community! It's FREE!

     

     

2022 RAV4 stolen


atartan
 Share

Recommended Posts

I am somewhat bewildered by your comment on the previous page.

As a fellow Toyota owner are you not interested by the actions (or inactions) of Toyota in this instance?

I would acknowledge it more if I was looking to start a "bash Toyota" thread.

But, if my understanding is correct, the majority of forum members who have commented here are similar to myself. Namely, displeased with the way Toyota is handling this.

Would your advice be the same for those members who have had their vehicles stolen already?

Perhaps I am expecting too much from Toyota in this instance?

Also, maybe, if the majority of Toyota owners have a similar reaction to yours, it would indeed explain why the company seems so disinterested in resolving this.

As you say, we can always look for another car manufacturer that suits our needs better.  

 

  • Like 1
Link to comment
Share on other sites


Percentage increases are pretty meaningless, and what the article doesn't provide is actual numbers - which gives a much better indication of the theft issue.

Link to comment
Share on other sites

A few weeks ago there was an article all over the internet showing the top 10 stolen cars and the rav4 wasn’t even in it so there can’t be as many stolen as this website and others would intimate.

  • Like 1
Link to comment
Share on other sites

1 hour ago, The Lurker said:

I am somewhat bewildered by your comment on the previous page.

Then perhaps I owe you an apology and a more lengthy response ...

You appended a short essay on page 52 of a thread on a specific vulnerability of recent RAV4s fitted with keyless entry and start. The topic is already discussed at length, and your post doesn't really add anything new - other than the fact that you are a dissatisfied owner.

So, if your objective was a cathartic rant - job done! 🙂 

Toyota do not monitor this forum so nothing we say about Toyota here will carry any weight. The thread already discusses the vulnerability - in probably too much detail - and the steps owners can take:

  • Fit a visible deterrent such as a steering lock. This will hopefully move the would be thief on to a different car.
  • Arrange with your Toyota dealer to have the protection plates fitted. Note: this is a 'solution' developed by Toyota to address this specific problem.

Yes, this involves a one-off additional expense of around £130 to protect a £40k car - not ideal but hardly the end of the world.

Toyota do not recommend fitting an additional immobiliser, and, if you read the thread, you'll find that some who have, have had issues, and subsequently had the immobiliser removed.

Toyota are, understandably, rather cagey about a full design resolution for this vulnerability, but it is understood that the issue is resolved in current cars - hopefully one day soon we will know for sure. (The resolution to this specific problem is to ensure that a would be thief cannot spoof a "key present" signal.)

So, while I am less than delighted that the problem exists in the first place, I am satisfied that Toyota have taken and are taking reasonable steps to provide protection against the current vulnerability and to ensure that it doesn't exist in future vehicles.

That's scant comfort for those who have been victims of theft already - they have my sympathy. For the rest of us, it is a question of living with the issue and enjoying the car that we have, or switching to a different brand / model ...

  • Like 2
Link to comment
Share on other sites

In the office yesterday I listened to my coworkers who own a variety of cars all complaining about how much their insurance had gone up.

  • Like 2
Link to comment
Share on other sites


1 hour ago, philip42h said:

Then perhaps I owe you an apology and a more lengthy response ...

Appreciated, thank you. 

1 hour ago, philip42h said:

 

You appended a short essay on page 52 of a thread on a specific vulnerability of recent RAV4s fitted with keyless entry and start. The topic is already discussed at length, and your post doesn't really add anything new - other than the fact that you are a dissatisfied owner.

 

I would like to think I added additional information in relation to the percentage increase in theft of the Toyotas and Lexus. Although I accept Frostyballs assertion that a percentage, by itself, is perhaps not the best way to illustrate the point. Also, I felt it was relevant that Lexus owners are being offered the VPP FOC but Toyota owners are not. I did not see this mentioned and thought it pertinent.

1 hour ago, philip42h said:

 

Toyota do not recommend fitting an additional immobiliser, and, if you read the thread, you'll find that some who have, have had issues, and subsequently had the immobiliser removed.

Toyota are, understandably, rather cagey about a full design resolution for this vulnerability, but it is understood that the issue is resolved in current cars - hopefully one day soon we will know for sure. (The resolution to this specific problem is to ensure that a would be thief cannot spoof a "key present" signal.)

 

If you look at the URL I provided that links to the Toyota magazine (an official Toyota UK publication) and read through the comments you will see that Toyota do seem to recommend fitment of the Ghost system. I've added a screen grab of the relevant reply to this post.

Screenshot 2023-12-20 at 15.18.59.png

Link to comment
Share on other sites

Has anyone got the Ghost 2 immobiliser fitted to a standard 2019 onwards RAV4 HEV that’s work’s perfectly? Had to have mine removed after a week as it screwed up the hybrid power train. Want it refitted but the installer is trying to offer me an alternative.

Link to comment
Share on other sites

On 12/20/2023 at 2:22 PM, philip42h said:

Then perhaps I owe you an apology and a more lengthy response ...

You appended a short essay on page 52 of a thread on a specific vulnerability of recent RAV4s fitted with keyless entry and start. The topic is already discussed at length, and your post doesn't really add anything new - other than the fact that you are a dissatisfied owner.

So, if your objective was a cathartic rant - job done! 🙂 

Toyota do not monitor this forum so nothing we say about Toyota here will carry any weight. The thread already discusses the vulnerability - in probably too much detail - and the steps owners can take:

  • Fit a visible deterrent such as a steering lock. This will hopefully move the would be thief on to a different car.
  • Arrange with your Toyota dealer to have the protection plates fitted. Note: this is a 'solution' developed by Toyota to address this specific problem.

Yes, this involves a one-off additional expense of around £130 to protect a £40k car - not ideal but hardly the end of the world.

Toyota do not recommend fitting an additional immobiliser, and, if you read the thread, you'll find that some who have, have had issues, and subsequently had the immobiliser removed.

Toyota are, understandably, rather cagey about a full design resolution for this vulnerability, but it is understood that the issue is resolved in current cars - hopefully one day soon we will know for sure. (The resolution to this specific problem is to ensure that a would be thief cannot spoof a "key present" signal.)

So, while I am less than delighted that the problem exists in the first place, I am satisfied that Toyota have taken and are taking reasonable steps to provide protection against the current vulnerability and to ensure that it doesn't exist in future vehicles.

That's scant comfort for those who have been victims of theft already - they have my sympathy. For the rest of us, it is a question of living with the issue and enjoying the car that we have, or switching to a different brand / model ...

You mention that the issue is resolved in current cars. Does that mean new Toyota’s (models produced in late 2023 and onwards) are possibly not susceptible to ‘key present’ signal hacking? About to receive delivery of a new RAV4 PHEV in Feb/March (2024 facelift model) and wonder if I still need the protective plates installed.
 

I have also seen it mentioned on a Reddit thread that the PHEV is not vulnerable to this attack in any case. I assume that is an error. What we need is a recently reformed car thief to join this forum and tell us the current state of play…

Link to comment
Share on other sites

19 minutes ago, Doubletalkjive said:

You mention that the issue is resolved in current cars. Does that mean new Toyota’s (models produced in late 2023 and onwards) are possibly not susceptible to ‘key present’ signal hacking? About to receive delivery of a new RAV4 PHEV in Feb/March (2024 facelift model) and wonder if I still need the protective plates installed.
 

I have also seen it mentioned on a Reddit thread that the PHEV is not vulnerable to this attack in any case. I assume that is an error. What we need is a recently reformed car thief to join this forum and tell us the current state of play…

Your guess is as good as mine ... 😉 

There has been speculation that the PHEV was not vulnerable. While they are built in a different factory, I can't see any logical reason why they shouldn't have exactly the same vulnerability "by design". A PHEV is more likely to be kept overnight off-road and plugged-in so not quite such an easy target and maybe less likely to be stolen.

There has been speculation that later models are not vulnerable - which would make sense if Toyota were quietly "fixing the hole". But in a very recent video a latest model PHEV GR-Sport was shown coming with a second fob to address theft issues - so maybe not quite fixed yet?

Maybe one of us needs to pop-over onto the dark web and buy the magic gismo - maybe not ... 😉 

A serious talk with your dealer is probably called for. Are they aware of the issue? Is it resolved in your car? If not, will they fit the protect plates, ideally FoC, prior to delivery? You can always hope, and it seems a reasonable test of dealer competence ...

  • Thanks 1
Link to comment
Share on other sites

39 minutes ago, philip42h said:

Your guess is as good as mine ... 😉 

There has been speculation that the PHEV was not vulnerable. While they are built in a different factory, I can't see any logical reason why they shouldn't have exactly the same vulnerability "by design". A PHEV is more likely to be kept overnight off-road and plugged-in so not quite such an easy target and maybe less likely to be stolen.

There has been speculation that later models are not vulnerable - which would make sense if Toyota were quietly "fixing the hole". But in a very recent video a latest model PHEV GR-Sport was shown coming with a second fob to address theft issues - so maybe not quite fixed yet?

Maybe one of us needs to pop-over onto the dark web and buy the magic gismo - maybe not ... 😉 

A serious talk with your dealer is probably called for. Are they aware of the issue? Is it resolved in your car? If not, will they fit the protect plates, ideally FoC, prior to delivery? You can always hope, and it seems a reasonable test of dealer competence ...

Thanks and that sounds like sound advice. I will speak with the dealer before collection. I just wonder how much knowledge seeps down to the salespeople on the showroom floor…

I also saw that review by Thomas with the secondary key fob (Thomas is one of the best auto reviewers out there in my opinion). I mentioned it on another thread here and someone commented that it might be an aftermarket or similar device because it does not feature in the latest Toyota manual for the RAV4. Maybe the dealership fitted it to that vehicle or maybe it’s an EU thing?

Anyway, speculation aside, I will see what the dealer says closer to the point of collection and of course provide an update here. It seems that this thread is not going to dry up soon (unfortunately…)

Darkweb anyone? 😛 

Link to comment
Share on other sites

26 minutes ago, Doubletalkjive said:

I will speak with the dealer before collection. I just wonder how much knowledge seeps down to the salespeople on the showroom floor…

Not a lot ... the dealerships are franchises; some are better than others at reading and understanding what Toyota UK do tell them; but at least they do have a responsibility to understand and explain and should have better access to Toyota GB than the general public.

If and when you ask, the chances are that the salesman won't have a clue - and that's 'OK'ish. But he then needs to refer the question back, first to those in the dealership that might know better, and then via the dealer principle back to Toyota to get a proper answer. And all that will take time so don't leave it too close to the point of collection ... 😉 

  • Like 1
Link to comment
Share on other sites

1 hour ago, philip42h said:

Not a lot ... the dealerships are franchises; some are better than others at reading and understanding what Toyota UK do tell them; but at least they do have a responsibility to understand and explain and should have better access to Toyota GB than the general public.

If and when you ask, the chances are that the salesman won't have a clue - and that's 'OK'ish. But he then needs to refer the question back, first to those in the dealership that might know better, and then via the dealer principle back to Toyota to get a proper answer. And all that will take time so don't leave it too close to the point of collection ... 😉 

You are quite right. I actually had some experience with our closest Toyota dealer. The sales chap who we went on the test drive with had no idea about the PHEV charge mode or HV mode. He seemed quite lost… perfectly nice chap… just not the most well informed. I actually ended up going on Carwow and found a Toyota dealer offering a better price and with very good reviews. But I am yet to test their knowledge 🙂 

But I must say that this whole canbus hack issue is souring things somewhat. Getting the protective plates fitted might thwart the theft but it does not mean they won’t try. I am thinking protective plates + Disklok + home driveway bollard (and 12 gauge 🙂). Although Disklok looks like a pain having to fit it every time (also concerned about damage to steering wheel although I note you can buy an optional protective cover for the wheel which sits underneath the Disklok device). Do you have experience with steering locks or other anti theft systems? I am not keen on IGLA/immobiliser devices as it seems they can cause issues with the normal operation of the car.

I have always owned cars that were particularly uninteresting to anyone… that was a minor blessing of sorts!

  • Haha 1
Link to comment
Share on other sites

You have to remember the majority of salesmen are just salesmen; Many have likely been through different marques, and very few of them are enthusiasts about the brand and are unlikely going to have the same depth of knowledge as the obsessed nutcases we have on here :whistling1:

It's like the difference between talking to random sales drone in Halfords about bikes vs the owner of a small bike shop who is a former Tour de France competitor and  hardcore mountain-biking enthusiast :laugh: 

But that's true of most things - Back when PCs were new, you could get into some fairly indepth tech talk with the shop person. Nowadays the best you can hope for is the sales drone in PC World to read the specs off the right tag :laugh: 

  • Like 1
Link to comment
Share on other sites

9 hours ago, Doubletalkjive said:

You mention that the issue is resolved in current cars. Does that mean new Toyota’s (models produced in late 2023 and onwards) are possibly not susceptible to ‘key present’ signal hacking? About to receive delivery of a new RAV4 PHEV in Feb/March (2024 facelift model) and wonder if I still need the protective plates installed.
 

I have also seen it mentioned on a Reddit thread that the PHEV is not vulnerable to this attack in any case. I assume that is an error. What we need is a recently reformed car thief to join this forum and tell us the current state of play…

You will be able to sleep relatively well. Your car come with the Toyota Security Key (TSK) which signs the communication between ECU and other components which makes your car not vulnerable to the CAN bus attack.

Fobs can’t be hacked either as they enter a deep sleep mode after a few minutes of inactivity and they don’t transmit any signals.

All started back in 2021.

Link to comment
Share on other sites


1 hour ago, kucyk said:

You will be able to sleep relatively well. Your car come with the Toyota Security Key (TSK) which signs the communication between ECU and other components which makes your car not vulnerable to the CAN bus attack.

Fobs can’t be hacked either as they enter a deep sleep mode after a few minutes of inactivity and they don’t transmit any signals.

All started back in 2021.

Thanks, that is good news. But I don’t understand why everyone is still going on about CAN bus injection with newer vehicles? Or am I missing something? Where did you get the info about the TSK? I’m intrigued!

 

 

Link to comment
Share on other sites

7 minutes ago, Doubletalkjive said:

Thanks, that is good news. But I don’t understand why everyone is still going on about CAN bus injection with newer vehicles? Or am I missing something? Where did you get the info about the TSK? I’m intrigued!

 

 

Also, why are Toyota head office agreeing fitting canbus protection plates to a 2022 PHEV.  Anyway better safe than sorry. 

Link to comment
Share on other sites

1 hour ago, Doubletalkjive said:

Where did you get the info about the TSK? I’m intrigued!

I believe that it comes from here - make of it what you will ...

Link to comment
Share on other sites

2 hours ago, George22 said:

Also, why are Toyota head office agreeing fitting canbus protection plates to a 2022 PHEV.  Anyway better safe than sorry. 

Maybe Toyota are fitting the plates to all RAV4s, particularly ones who make a fuss / live in London or Birm, regardless of whether they’re vulnerable, as the more Ravs that have plates the more frustrated the thieves become and the hopefully move on from targeting ‘easy’ Toyotas ? 
 

Just a thought based on zero knowledge whatsoever! 
 

 

Link to comment
Share on other sites

13 hours ago, philip42h said:

I believe that it comes from here - make of it what you will ...

Thanks. That’s very helpful. Been digging around, as I’m sure we all have. Still conflicting info out there but that link suggests the PHEV is not susceptible. Other forums suggest that too, Reddit link. The Comma GitHub also seems pretty clear about TSK ECU etc. Technically, despite the fact that CAN bus communications cannot be encrypted due to EU regulation and added latency. Signing communications to prove authenticity would be ok.
 

If I am reading all of this correctly then theoretically you could validate SOME non time-sensitive communications on the CAN bus via signing, e.g. to unlock the doors or disable immobiliser. 

But after all that I think I will just get the plates installed… too much confusion. You also never know when a new vulnerability will be exploited. I guess best to protect the wires themselves!

12 hours ago, JDK-SL7 said:

Maybe Toyota are fitting the plates to all RAV4s, particularly ones who make a fuss / live in London or Birm, regardless of whether they’re vulnerable, as the more Ravs that have plates the more frustrated the thieves become and the hopefully move on from targeting ‘easy’ Toyotas ? 
 

Just a thought based on zero knowledge whatsoever! 
 

 

 

 

Link to comment
Share on other sites

1 hour ago, Doubletalkjive said:

But after all that I think I will just get the plates installed… too much confusion. You also never know when a new vulnerability will be exploited. I guess best to protect the wires themselves!

 

 

I'm not doing it but it's not a bad idea after all. Even if the car is not vulnerable at the moment, this doesn't guarantee it will stay like that forever. It's probably just a matter of time.

So far we haven't come across any stolen RAV4 Prime / PHEV on this or other forums. There was a guy with PHEV on Facebook where they tried to steal his car twice using the CAN bus attack and they failed. There is some more info about TSK in this discussion:

https://github.com/commaai/openpilot/discussions/19932

This particular point is interesting.

image.thumb.png.ef028f338022502cb99c251db09fab4c.png

Link to comment
Share on other sites

30 minutes ago, kucyk said:

I'm not doing it but it's not a bad idea after all. Even if the car is not vulnerable at the moment, this doesn't guarantee it will stay like that forever. It's probably just a matter of time.

So far we haven't come across any stolen RAV4 Prime / PHEV on this or other forums. There was a guy with PHEV on Facebook where they tried to steal his car twice using the CAN bus attack and they failed. There is some more info about TSK in this discussion:

https://github.com/commaai/openpilot/discussions/19932

This particular point is interesting.

image.thumb.png.ef028f338022502cb99c251db09fab4c.png

Interesting. It looks like the TSK is for now sufficient protection. Just hope they roll it out to all models.

Did you see this breakdown of the injection process? https://kentindell.github.io/2023/04/03/can-injection/

 

Link to comment
Share on other sites

2 minutes ago, Doubletalkjive said:

Interesting. It looks like the TSK is for now sufficient protection. Just hope they roll it out to all models.

Did you see this breakdown of the injection process? https://kentindell.github.io/2023/04/03/can-injection/

 

Yeah, we all saw this article a couple of months ago.

Link to comment
Share on other sites

I suspect some of these posts will get deleted (again) - you are linking to material from a group that are focused on 'hacking' vehicles which, while it may be interesting and informative, is probably not something that this forum wishes to promote. I speak as a forum user only! 😉

However, there is an interesting throw away: "They've implemented a MAC (Message Authentication Code) from AUTOSAR ... All TSS3 vehicles will incorporate this MAC thing unfortunately...". Note the "unfortunately". But fortunately for us, it hints that the fix we seek may arrive with TSS 3 ...

Link to comment
Share on other sites

On 12/28/2023 at 7:39 PM, Doubletalkjive said:

Thanks, that is good news. But I don’t understand why everyone is still going on about CAN bus injection with newer vehicles? Or am I missing something? Where did you get the info about the TSK? I’m intrigued!

Because Toyota have made no such announcement (AFAIK). The TSK stuff is from independent researchers examining the traffic on newer vehicle CANs. Again, AFAIK.

Unless and until there is an official statement from Toyota themselves it is, at best, unverified conjecture.

Link to comment
Share on other sites

52 minutes ago, kucyk said:

Yeah, we all saw this article a couple of months ago.

As usual I’m way behind 😂

  • Haha 1
Link to comment
Share on other sites

Latest Deals

Toyota Official Store for genuine Toyota parts & accessories

Disclaimer: As the club is an eBay Partner, The club may be compensated if you make a purchase via eBay links

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share








×
×
  • Create New...




Forums


News


Membership