We take the issue of Toyota and Lexus vehicle theft very seriously. We are continuously developing technical solutions to make our vehicles more secure, to help reduce the risk of theft.
An enhanced security hardware system was introduced in October 2021 (Lexus) and October 2022 (Toyota) on the latest models targeted by criminals. Since then, we have seen a significant drop in thefts of those models.
For older models, we endeavour to create solutions that can offer enhanced protection to our customers. Following significant investments by Toyota GB, in line with that of other vehicle manufacturers, newly developed official Toyota and Lexus security hardware components will very soon be available to fit to those targeted models registered before October 2021.
Following communication from Toyota and Lexus in the coming weeks, owners should contact their local dealer to arrange fitment. Customers can already speak to their local dealer about the fitment of a protective plate to block access to the vehicle’s electronics. This is a nationwide customer care offering available on Toyota RAV4 Hybrid, Lexus RX and Lexus NX.
As a vehicle manufacturer, we can never completely eliminate the risk of vehicle theft. This is an industry-wide issue, concerning all vehicle manufacturers and affecting the most popular models first.
In order to further reduce the theft risk, we regularly collaborate and share information with insurance associations, police and law enforcement authorities, theft prevention experts and other key stakeholders around the world. This enables us to understand new threats and techniques used by thieves and develop more secured systems.
Alongside our efforts, we urge those authorities to focus on reducing the number of thefts. We would also like to see action taken that leads to an end to the online sale of devices used by criminals to steal cars without using the car keys, as these devices serve no purpose other than a criminal one.
How do thieves manage to steal cars in this manner?
The thieves disconnect part of the headlamp and use a malicious device to send signals to the control CAN bus (the communication ‘backbone’ within a car) that allow the doors to open and the car to start without the key or remote control.
Thieves need to:
- Purchase a relatively expensive rogue device (a third-party ‘emergency start’ device, which costs around £2500 – £4000 each).
- Gain physical access to the vehicle’s CAN bus communication wires for an uninterrupted period.
The third-party ‘emergency start’ device has the capability to initiate an exploit in the following manner:
- Once connected to the vehicle’s CAN bus communication wires, the third-party ‘emergency start’ device can send a prioritised series of CAN signals to bypass the vehicle’s security and immobiliser systems, which could allow a thief to unlock the doors and turn the vehicle’s ignition ON.
- The third-party ‘emergency start’ device is then disconnected.
- At this point a thief can enter the vehicle and start the car without the key.
What is Toyota doing to prevent these types of attacks?
Toyota and Lexus take the issue of car theft very seriously. We are continuously developing technical solutions to make our vehicles more secure to help reduce the risk of theft.
In fact, in the UK market, enhanced security hardware was introduced in October 2021 on the latest versions of the models that had previously been targeted by criminals. Since then, we have seen a significant drop-off in successful thefts of those models.
For older models we endeavour to create solutions that can offer enhanced protection to our customers.
We cannot divulge the precise nature of the imminent security enhancement; doing so would risk putting information into the public domain that could be of interest to criminal parties.
The intention is to make the security enhancement available to vehicles affected by CAN bus theft.
What models are known to be targeted by this issue and are newer models affected?
The models primarily targeted are fourth-generation Lexus RX and the Toyota RAV4.
For older models we endeavour to create solutions that can offer enhanced protection to our customers.
Since October 2022, Toyota models are subject to a platform change that negates CAN bus theft. This excludes Hilux, which is not subject to CAN bus attacks.
When did Toyota first become aware of the vulnerability in the security systems?
It is not so much a vulnerability of the security systems as the rise in criminal gangs targeting vehicles for ‘cannibalisation’ and/or complete theft.
Instances appear to have been rising significantly from 2019-2020.
There are many factors involved, and at a global level. These include parts of the world experiencing parts shortages, which results in targeted thefts to supply vehicles and/or parts sent to countries experiencing trade restrictions.
Which models can be fitted with the enhanced security feature?
It can be fitted to Land Cruiser 150, RAV4 and first-generation Toyota C-HR.
When is the enhanced security upgrade going to be available and will it be free of charge?
Exact timings are still to be confirmed. We anticipate being able to advise the Toyota Centre network with full details soon. The security enhancement needs to be carried out at a Toyota Centre. Costs are under review; customers may incur a nominal charge.
Are any new models targeted by thieves?
While no car can be considered 100% immune to criminal intent, more recent models are equipped with enhanced security systems aimed at deterring CAN bus type thefts.
Given that the rise in this type of car theft has been known for several years in other countries and is growing in the UK, why wasn’t I told about this?
Toyota takes the issue of car crime very seriously. To protect customers’ vehicles, our approach is not to disclose our vehicle theft analysis data. The sharing of information could enable thieves to find ways to circumvent anti-theft technologies or make some models particularly attractive to some thieves and unnecessarily vulnerable to attack.
Is a Vehicle Protection Plate (VPP) available for any Toyota models?
Yes, for RAV4, excluding the Plug-In Hybrid model (which is not susceptible to CAN bus attack). The fitment is chargeable.
What is the countermeasure and what’s the plan moving forwards?
We are continuously developing technical solutions to make our vehicles more secure and reduce the risk of theft. Enhanced security hardware was introduced in October 2022 on the latest versions of the models that had previously been targeted by criminals. Since then, we have seen a significant drop-off in successful thefts of those models.
Why is there no recall for vehicles susceptible to the CAN bus attack?
Recall announcements in the UK are guided by very specific guidelines drawn up by the Driver and Vehicle Standards Agency (DVSA). To qualify as a recall, the issue must relate to a safety or thermal type issue where there is potential for injury as a result of vehicle manufacture or component failure. Only in such circumstances can a recall be announced. In recall circumstances, the DVSA will provide manufacturers access to ownership records for the purpose of communication. Instances of theft do not trigger a recall.
Will Toyota pay for damage caused by an attempted theft?
No. This will need to be addressed by the customer and the vehicle insurers. While we understand theft or attempted theft can be highly upsetting and, in some cases, a costly experience, in such instances customers are first and foremost victims of crime. Toyota does not cover costs associated with criminal activity either under the terms of the warranty or as goodwill.
What is the position with insuring affected models?
As a manufacturer, we stay close to Toyota Insurance colleagues and indeed all motor insurers. We are aware that in many cases, insurance premiums might have increased as a direct result of vehicle crime. We need to refer you to your insurer for further comment.
Just bought a 2024 C-HR. Is it safe from these forms of attack?
Hi Paul
We will require your registration number please.
Kind regards
Gu24ztr
Hi Paul
While no car can be considered 100% immune to criminal intent, more recent models are equipped with enhanced security systems aimed at deterring CAN bus type thefts.
It is only Toyota C-HRs from October 2016 – October 2010.
Kind regards
Hi could I ask you to check my registration please it’s
DE2* *** CH-R 2021 facelift excel
Hi Jim
Please see the following for the information you will require:
An enhanced security hardware system was introduced in October 2021 (Lexus) and October 2022 (Toyota) on the latest models targeted by criminals. Since then, we have seen a significant drop in thefts of those models.
For older models, we endeavour to create solutions that can offer enhanced protection to our customers. Following significant investments by Toyota GB, in line with that of other vehicle manufacturers, newly developed official Toyota and Lexus security hardware components will very soon be available to fit to those targeted models registered before October 2021.
Following communication from Toyota and Lexus in the coming weeks, owners should contact their local dealer to arrange fitment. Customers can already speak to their local dealer about the fitment of a protective plate to block access to the vehicle’s electronics. This is a nationwide customer care offering available on Toyota RAV4 Hybrid, Lexus RX and Lexus NX.
Kind regards
Hi Paul
Just bought a March 2020 C-HR Excel. Is it safe from these forms of attack? JH56VJH
Dear Toyota
Have you notified UK insurance companies of the steps you are taking, such as the Anti Thief Plate, so that insurance on the RAV4 and Lexus can be reduced?
Insurance on RAV4 and Lexus has gone up 100%.
Sales of these models will drop unless this security issue is sorted out.
Hi John
Whilst we cannot speak for all insurance companies, Toyota insurance services would know.
However, it would also be for the driver to update their insurance company with what deterrents they have had fitted.
Kind regards
I have a 2022 Land Cruiser registered December 2022 which is proving to be a bit of a target for thieves. Would you be able to confirm if this model is subject to platform change that negates CAN Bus theft, if not would you confirm when the enhanced security upgrade will be available please. I cannot believe that you will be charging for this. Would you also confirm if the Vehicle Protection Plates will fit a J150 Cruiser please.
Hi Martyn
Could you please confirm your vehicle’s registration and we can advise further.
Kind regards
I would rather not do this on a public forum – is there an alternative email?
Hi MJO
You can always email cr@toyota.co.uk if you’d prefer.
Otherwise, Landcruisers built between September 2017 and November 2023 are at risk.
Kind regards
OK – so as my Cruiser is at risk the enhanced security update is a priority – this was mooted as late April – please would you confirm – would you also confirm if Vehicle Protection Plates are available for a J150 Cruiser please.
Hi MJO
If you raise a case with our Customer Relations team as per the email address we provided, you can provide your vehicle details and they can investigate this for you further.
Kind regards
I have raised a case with Customer Relations but no-one has got back to me – which is poor. In the absence of Toyota providing a timely solution to a known vulnerability I am considering fitting an immobiliser – please would you confirm that this would not invalidate my warranty
Hello Martyn,
Fitment of an immobiliser will not affect the warranty.
However, if the operation or fitment of the immobiliser is the cause of any defect, then we may not support a particular repair.
We hope this helps.
Thanks.
Thank you for your swift response – how do I go about getting a response from customer services?
Hi Martyn
I can see a case has been opened for you and you have been communicating through this channel already.
Kind regards
My 2018 Landcruiser was stolen because of the vulnerability which my insurance company pointed out that Toyota has been aware of for many years but as it ultimately enhances their sales turnover has ignored. I am guessing prohibitive insurance premiums are harming sales so Toyota has made an executive decision to address the long known issue
Hi Theft victim
We are sorry that you have been a victim of crime and as per our article:
We are continuously developing technical solutions to make our vehicles more secure, to help reduce the risk of theft.
An enhanced security hardware system was introduced in October 2021 (Lexus) and October 2022 (Toyota), on the latest models targeted by criminals. Since then, we have seen a significant drop in thefts of those models.
For older models, we endeavour to create solutions that can offer enhanced protection to our customers. Following significant investments by Toyota GB, in line with that of other vehicle manufacturers, newly developed official Toyota and Lexus security hardware components will very soon be available to fit to those targeted models registered before October 2021. Following communication from Toyota and Lexus in the coming weeks, owners should contact their local dealer to arrange fitment. Customers can already speak to their local dealer about the fitment of a protective plate to block access to the vehicle’s electronics. This is a nationwide customer care offering. (Only available on Lexus RX, NX and Rav4 Hybrid)
As a vehicle manufacturer, we can never eliminate the risk of vehicle theft. This is an industry-wide issue, concerning all vehicle manufacturers and affecting the most popular models first.
In order to further reduce the theft risk, we regularly collaborate and share information with insurance associations, police and law enforcement authorities, theft prevention experts and other key stakeholders around the world. This enables us to understand new threats and techniques used by thieves and develop more secured systems.
Alongside our efforts, we urge those authorities to focus on reducing the number of thefts.
We would also like to see action taken that leads to the end to the online sale of devices used by criminals to steal cars without using the car keys, as these devices serve no purpose other than a criminal one.
Kind regards
You deleted my previous comment.
You are boasting about sharing information with key stakeholders, yet you deliberately hid this information from one of your most important stakeholders, your customers.
If you had been honest as soon as you found out, many thefts could have been prevented. Do you agree?
My RAV4 was stolen a week ago without the keys and I found out about its inadequate security this weekend. Why wasn’t this the subject of a recall? Do you only recall on safety issues, not theft risks?
I have the app but it no longer shows the vehicle on it – can this be altered or changed?
Hi Nick
Sorry to learn that you have been a victim of crime.
Recall announcements in the UK are guided by very specific guidelines as drawn up by the Driver and Vehicle Standards Agency (DVSA). To qualify as a recall, the issue must relate to a safety or thermal type issue where there is potential for injury as a result of vehicle manufacture or component failure. Only in such circumstances can a recall be announced. In recall circumstances, the DVSA will provide manufacturers access to ownership records for the purpose of communication. Instances of theft do not trigger a recall.
Has the vehicle been removed from the app altogether, or do you mean you cannot see its latest position?
Kind regards
It is laughable that you have just stated you share information with key stakeholders. The issue here is that you hid information from one of your most important stakeholders, your customers.
It’s also odd that you have removed things from your original statement.
This is going to be very costly for Toyota with individual claims and group legal claims starting already.
If you had told your customers as soon as you knew, many thefts could have been prevented.
Had my Rav 4 2020 stolen a few days ago, and was never informed about this. More alarmingly, Vantage never contacted me, and Steven Eagell (Aylesbury) hadn’t been made aware of this as they seemed clueless when I called to tell them (and they simply offered to sell me another one!?).
Nobody has contacted us about this and I had to Google for “Toyota vulnerabilities” to find out about this.
I am astounded that the exact steps are being reported by Toyota before they have reached out to all customers and, guttingly, I can no longer recommend Toyota to anyone. I am going to have to start highlighting this to people and use it as my next example presentation on infosec, as Toyota are now an unfortunately good example to use as a company that have failed to respond correctly to technological vulnerabilities in their products.
I am really dismayed as I have been a huge supporter for years and, after this, I feel totally disconnected from the company. To anyone who reads this – do not rely or have any faith in Toyota or your service plan with them (notably Vantage/Steven Eagell, at least the Aylesbury branch!).
Hi Toyota
I am on the verge of buying a RAV4 hybrid. How can I tell if this security system has been fitted already or not, for insurance purposes?
Hi Norman
Do you have the registration number please or if you are purchasing through an authorised Toyota Centre they will be able to advise you.
Kind regards
I’ve come to this website the day after my Rav4 was stolen from Watford Junction train station car park in broad daylight – locked and no key. Kicking myself that I become knowledgeable on these items after the event. Why couldn’t Toyota provide advice to all owners when you knew about the vulnerability? You must have the data to know who owns them.
Hi Richard and thank you for taking the time to get in touch.
Firstly, we’re very sorry to hear about your experience. While fundamentally, you have been a victim of crime, it’s understandable that some customers such as yourself would turn to the manufacturer for answers. Contacting customers to forewarn against something that may or may not happen sadly isn’t as straightforward as it might seem. Given we go to market predominantly via a franchised dealer network, complete customer data, including permissions, is a bit of a minefield. There are also many reasons why organised crime gangs target various models across all manufacturers and sadly, we recognise the Rav4 in recent months appears to be such a model. For new models, we have developed new and effective factory-built systems which appear successful, but we continue to work on solutions for older models. As soon as these solutions become available, we advise our dealer network accordingly. Again, we are sorry but thanks again for getting in touch.
Kind regards
Hello,
Can you please tell me if my C-HR YO21 VHE is affected?
I booked in for a service and MOT with Steven Eagell Milton Keynes (June) and they did not know anything about this.
If someone could let me know if this new security enhancement is likely to be fitted during my service and MOT that would be very reassuring.
Thank you.
Hi James
The enhanced security is due and as soon as this becomes available, we advise our dealer network accordingly.
I cannot confirm this will be ready in time for your MOT and service until further detail is known.
Kind regards
Hello,
If you cannot confirm this will be ready for a service booked in June it suggests the end of April date originally touted seems to have been pushed back. Is my understanding of this correct?
Hi Kiran, thanks for your comment.
We have no confirmation of a time frame at the moment, we are working to make it available as soon as possible.
Thanks,
Toyota UK
Hello again,
You didn’t confirm if my C-HR is affected by these security issues.
Could you please confirm whether my car requires these two security enhancements?
And, can you please confirm if the dealership will be in touch with me about fitting, or can someone from Toyota please let me know when I need to book this?
Thank you
Hi James
We apologise if the previous answer wasn’t very clear but yes your vehicle is affected.
Please keep in contact with your local Toyota Centre for any updates with regards to this.
Kind regards
After reading an article in another forum, I’m just amazed how easily the RAV4 CAN can be hacked. It’s not from the suggested ‘a relatively expensive rogue device (third-party ‘emergency start’ device which costs around £2500 – £4000 device’ but from a portable wireless speaker under £30! Apart from the wheel well, to Toyota’s knowledge, how many connectors are potentially exposed and need protecting?
Hi Paul, thanks for your comment.
The methods of theft are ever evolving and it is something that ourselves and others in the industry are constantly working on. Affected RAV4 units can be fitted with a set of two vehicle protection plates that act as a guard against the wheel arch entry points. We are also working on further security updates, which your local Toyota Centre can advise further on.
Thanks,
Toyota UK