High-tech thieves expose Toyota’s vulnerabilities
Toyota has earned a reputation as one of the industry’s most dependable brands over the decades. Sure, there’s the occasional recall that makes headlines but the brand still ranks at the top of reliability surveys year after year. This reputation for reliability makes Toyotas desirable in both new and used car markets, which in part has led to an unexpected problem.
Car thieves are targeting Toyota and Lexus models across Canada, Australia and the UK with a hack that can make these cars’ security systems useless in minutes. They’re using a device called a CAN Invader that can bypass a vehicle’s immobilizer, unlock doors and start the engine with no one being the wiser. These attacks can potentially be used against most modern cars, but the alarming frequency with which thieves are targeting Toyotas exposes a fundamental weakness.

How the CAN Bus exploit works
First, thieves have to gain access to the car’s electronics. Unfortunately, this is simpler than one would think. Modern cars have all their electronics connected via CANbus (Controller Area Network), a communication protocol used to connect to a car’s ECU. CANbus is used to control everything from stereo systems and electronic seats to a car’s lighting.
In Toyota’s case, thieves are gaining access to the CANbus by plugging their hacking device into headlight wiring, which they reach by simply peeling back fender liners or by drilling holes in them. In some Lexus models, thieves are plugging in via the taillights. In minutes, the thieves use CAN injections, or lines of malicious code, to trick the car’s ECU into thinking a key is present, then unlocking doors and disabling the immobilizer, and finally starting the engine without triggering any alarms.
What you can do to protect your car
These CANbus attacks are particularly disturbing because traditional security measures offer no protection. For example, storing car keys in Faraday cages to prevent relay attacks doesn’t help since thieves are accessing the car’s ECU physically. The first step towards protecting your car comes from making sure that access is blocked.
Toyota/Lexus is offering goodwill wheel well protection in some markets, blocking physical access to wiring. The next solution is a CANbus gateway blocker, a relatively expensive fix at over $500. Low-tech solutions that could help deter thieves in the first place are steering wheel locks and/or wheel locks.
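
A CANbus gateway blocker of the kind mentioned above sits between exposed wiring such as the headlights and the rest of the car, and refuses messages that should never originate there. The sketch below is an added example, not code from Toyota or from any product; every message ID, segment name and timing value in it is constructed for illustration.

```python
from dataclasses import dataclass, field

# All IDs, segment names and periods below are constructed for illustration;
# they are not Toyota/Lexus values.
ALLOWED_FROM = {
    "exterior_lighting": {0x3A0, 0x3A1},    # lamp status, levelling sensor
    "body": {0x120, 0x2B0, 0x3A0, 0x3A1},   # 0x120 = hypothetical "key validated"
}
MIN_PERIOD_MS = {0x120: 90.0}  # assumed: the real sender transmits every ~100 ms

@dataclass
class Gateway:
    last_seen: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def forward(self, segment, can_id, t_ms):
        """Return True if the frame may cross the gateway, False if dropped."""
        # Rule 1: a segment may only send the IDs its own modules produce.
        if can_id not in ALLOWED_FROM.get(segment, set()):
            self.alerts.append((t_ms, segment, can_id, "id not allowed from segment"))
            return False
        # Rule 2: a periodic ID arriving faster than its sender's period
        # means a second transmitter is on the bus.
        floor = MIN_PERIOD_MS.get(can_id)
        prev = self.last_seen.get(can_id)
        self.last_seen[can_id] = t_ms
        if floor is not None and prev is not None and t_ms - prev < floor:
            self.alerts.append((t_ms, segment, can_id, "faster than sender period"))
            return False
        return True

# Constructed trace: (segment, arbitration ID, timestamp in ms)
TRACE = [
    ("body", 0x120, 0.0),
    ("exterior_lighting", 0x3A0, 10.0),
    ("exterior_lighting", 0x120, 20.0),  # key-validation ID seen on lamp wiring
    ("body", 0x120, 100.0),
    ("body", 0x120, 105.0),              # extra copy between two periodic frames
    ("body", 0x120, 200.0),
]

def run(trace):
    gw = Gateway()
    decisions = [gw.forward(*frame) for frame in trace]
    return decisions, gw.alerts

if __name__ == "__main__":
    decisions, alerts = run(TRACE)
    for frame, ok in zip(TRACE, decisions):
        print(frame, "forwarded" if ok else "dropped")
```

The rate rule only shows that two senders are using the same ID; it cannot tell which frame is the forged one, which is why the per-segment allowlist is the stronger of the two checks.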

Toyota is facing criticism for not alerting owners to the security flaw or offering recalls to remedy the issue. While some manufacturers have begun rolling out software updates to detect and block CAN injection attacks, Toyota’s response has been slower. Until Toyota implements comprehensive security updates across its model range, owners have no choice but to take their vehicle’s security into their own hands.