Thieves around the world are exploiting a disturbingly simple vulnerability to completely bypass the security systems of Toyota and Lexus cars in just a few minutes. This new theft method relies on physical access to the internal electronics, rather than intercepting a wireless signal.
Criminals attach specialized devices called CAN Invaders directly to the headlight wiring. This point gives them easy physical access to the CAN bus (CANbus) - the car's internal network that connects all electronic control units (ECUs).
Through the CAN bus, they send malicious commands (so-called CAN injections) to the ECU. Through these commands, the system is "convinced" that the key is present, the doors are unlocked, the immobilizer is disabled, and the engine is started. All this happens without triggering any alarms. Similar manipulations have already been registered in Canada, Australia and the United Kingdom.
Access to the wiring is achieved through elementary methods such as unscrewing the fender extensions, drilling holes in them or connecting through the taillights on some Lexus models. The entire operation, from connecting the device to driving off with the stolen car, takes literally minutes.
Traditional security measures, including storing keys in "Faraday cages" against relay attacks, are completely ineffective here. The reason is that criminals gain direct physical control over the car's electronics, bypassing the need to intercept the key signal.
In response to the problem, Toyota and Lexus recommend installing additional protection to make it difficult to physically access the wiring. There are also third-party hardware solutions, such as a CANbus gateway blocker, which costs over $500. Cheaper and simpler measures – mechanical steering wheel or wheel locks – could also be a deterrent.
Toyota has been heavily criticized for its slow response. The company has long failed to warn owners and has not announced a recall to fix the software flaw. Some other manufacturers have already introduced software updates to detect and block CAN injections, but full protection for Toyota models is still not a reality, forcing owners to install third-party security measures.