Toyota GB statement on vehicle theft

Diversity at Toyota

We take the issue of Toyota and Lexus vehicle theft very seriously. We are continuously developing technical solutions to make our vehicles more secure, to help reduce the risk of theft.

An enhanced security hardware system was introduced in October 2021 (Lexus) and October 2022 (Toyota) on the latest models targeted by criminals. Since which, we have seen a significant drop in thefts of those models.

For older models, we endeavour to create solutions that can offer enhanced protection to our customers.  Following significant investments by Toyota GB, in line with that of other vehicle manufacturers, newly developed official Toyota and Lexus security hardware components will very soon be available to fit to those targeted models registered before October 2021.

Following communication from Toyota and Lexus in the coming weeks, owners should contact their local dealer to arrange fitment. Customers can already speak to their local dealer about the fitment of a protective plate to block access to the vehicle’s electronics. This is a nationwide customer care offering available on Toyota RAV4 Hybrid, Lexus RX and Lexus NX.

As a vehicle manufacturer, we can never completely eliminate the risk of vehicle theft. This is an industry-wide issue, concerning all vehicle manufacturers and affecting the most popular models first.

In order to further reduce the theft risk, we regularly collaborate and share information with insurance associations, police and law enforcement authorities, theft prevention experts and other key stakeholders around the world. This enables us to understand new threats and techniques used by thieves and develop more secured systems. 

Alongside our efforts, we urge those authorities to focus on reducing the number of thefts. We would also like to see action taken that leads to the end to the online sale of devices used by criminals to steal cars without using the car keys, as these devices serve no purpose other than a criminal one.

How do thieves manage to steal cars in this manner?

The thieves disconnect part of the headlamp and use a malicious device to send signals to the control CAN bus (the communication ‘backbone’ within a car) that allow the doors to open and the car to start without the key or remote control.

Thieves need to:

  • Purchase a relatively expensive rogue device (third-party ‘emergency start‘ device which costs around £2500 – £4000 each)
  • Gain physical access to the vehicle’s CAN bus communication wires for an uninterrupted period.

The third-party ‘emergency start‘ device has the capability to initiate an exploit in the following manner:

  • Once connected to the vehicle’s CAN bus communication wires, the third-party ‘emergency start‘ device can send a prioritised series of CAN signals to bypass the vehicle’s security and immobiliser systems, which could allow a thief to unlock the doors and turn the vehicle’s ignition ON.
  • The third-party ‘emergency start’ device is then disconnected.
  • At this point a thief can enter the vehicle and start the car without the key.

What is Toyota doing to prevent these types of attacks?

Toyota and Lexus take the issue of car theft very seriously.  We are continuously developing technical solutions to make our vehicles more secure to help reduce the risk of theft.

In fact, in the UK market, an enhanced security hardware was introduced in October 2021 on the latest versions of the models that had previously been targeted by criminals. Since then, we have seen a significant drop-off in terms of successful thefts of those models.

For older models we endeavour to create solutions that can offer enhanced protection to our customers. 

We cannot divulge the precise nature of the imminent security enhancement; should we do so we risk offering information into the public domain that could be of interest to criminal parties.

The intention is to make the security enhancement available to vehicles affected by CAN bus theft.

What models are known to be targeted by this issue and are newer models affected?

The models primarily targeted are fourth-generation Lexus RX and the Toyota RAV4. 

For older models we endeavour to create solutions that can offer enhanced protection to our customers.

Since October 2022, Toyota models are subject to a platform change that negates CAN Bus theft. This excludes Hilux, which is not subject to CAN bus attacks.

When did Toyota first become aware of the vulnerability in the security systems?

It is not so much vulnerability of the security systems but more so the growing rise in criminal gangs targeting vehicles for ‘cannibalisation’ and/or complete theft.  

Instances appear to have been rising significantly from 2019-2020.

There are many factors involved and at a global level. This includes parts of the world experiencing parts shortage which results in targeted thefts to supply vehicles and/or parts sent to countries experiencing trade restrictions.

Which models can be fitted with the enhanced security feature?

It can be fitted to Land Cruiser 150, RAV4 and first-generation Toyota C-HR.

When is the enhanced security upgrade going to be available and will it be free of charge?

Exact timings are still to be confirmed. We anticipate being able to advise the Toyota Centre network with full details soon. The security enhancement needs to be carried out at a Toyota Centre. Costs are under review; customers may incur a nominal charge.

Are any new models targeted by thieves?

While no car can be considered 100% immune to criminal intent, more recent models are equipped with enhanced security systems aimed at deterring CAN bus type thefts.

Given that the rise in this type or car theft has been known for several years in other countries and is growing in the UK why wasn’t I told about this?

Toyota takes the issue of car crime very seriously. To protect customers’ vehicles our approach is not to disclose our vehicle theft analysis data. The sharing of information could enable thieves to find ways to circumvent anti–theft technologies or make some models particularly attractive to some thieves and unnecessarily vulnerable to attack.

Is a Vehicle Protection Plate (VPP) available for any Toyota models?

Yes, for RAV4, excluding the Plug-In Hybrid model (which is not susceptible to CAN bus attack). The fitment is chargeable.

What is the countermeasure and what’s the plan moving forwards?

We are continuously developing technical solutions to make our vehicles more secure and reduce the risk of theft. An enhanced security hardware was introduced in October 2022 on the latest versions of the models that had previously been targeted by criminals. Since then, we have seen a significant drop-off in terms of successful thefts of those models.

Why is there no recall for vehicles susceptible to the CAN bus attack?

Recall announcements in the UK are guided by very specific guidelines as drawn up by the Driver and Vehicle Standards Agency (DVSA). To qualify as a recall, the issue must relate to a safety or thermal type issue where there is potential for injury as a result of vehicle manufacture or component failure. Only in these such circumstances can a recall be announced. In recall circumstances, the DVSA will provide manufacturers access to ownership records for purpose of communication. Instances of theft do not trigger a recall.

Will Toyota pay for damage caused by an attempted theft?

No. This will need to be addressed by the customer and the vehicle insurers. While we understand theft or attempted theft can be highly upsetting and, in some cases, a costly experience, in such instances customers are first and foremost victims of crime. Toyota does not cover costs associated with criminal activity either under the terms of the warranty or as goodwill.

What is the position with insuring affected models?

As a manufacturer, we stay close to Toyota Insurance colleagues and indeed all motor insurers. We are aware that in many cases, insurance premiums might have increased as a direct result of vehicle crime. We need to refer you to your insurer for further comment.

1,035 comments

  1. Dear Toyota what is this device the reviewer is referring to at around 2.10 seconds? (the security token)

    This video is from 5 months ago.

    Link removed:

    I also have a rav4 and I am awaiting the security update. Someone in the comments of this video is asking the same question. Glass says protected by dotdna which takes me here. Link removed:

    Is there a security update for Germany not the UK?

    If it is not the security solution any update on when it is coming for us?

    Thank you

    1. Hi Neo,thanks for getting in touch.

      Please could you provide your registration number so we can check what your vehicle requires. The device you kindly mention appears to be for the German market.

      Thanks,

      Toyota UK

      1. Hi Neo,thanks for the reply and the number plate.

        Your 2024 Toyota RAV4 is not vulnerable to this method of attack as it already has the latest enhanced security hardware system on board.

        Thanks,

        Toyota UK

      2. Thanks whilst we’re here please also check my parents. Number plate *****. Please remove number plate when responding too.

      3. Hi Neo,thanks for additional request.

        We can confirm that your parents’ vehicle is not vulnerable to this method of attack also.

        Thanks,

        Toyota UK

  2. I own a 22 registered (22MY) C-HR GR Sport. I took the car for its second service and was invoiced £70 to have the ‘security hardware fitted’. When I collected the car I was informed that no security hardware was available for the C-HR. I am relying on a DIY fit headlamp clamp and an old Disklok. This has been ongoing for 18 months. Get it sorted its a known design fault. I will advise people to avoid this model as it is not a priority for Toyota.

    1. Hi Kevin,thanks for getting in touch.

      Please could you provide us with the registration of your C-HR so we can follow up.

      Thanks,

      Toyota UK

    2. Hi Kevin,thanks for the reply.

      Any number plate provided will be read,used and redacted before posting.

      Thanks,

      Toyota UK

  3. I am sat in Vantage Toyota in Leeds, as I write this message. I am currently having the 3 yearly service carried out on my RAV4. I have just inquired about having these can bus plates fitted and was quoted £156.70 inc vat plus 1 hours labour. The service engineer told me that only certain parts of the country qualify for the plates supplied free of charge.
    Quite frankly I think this stinks! I think all RAV4 owners, no matter where you live in UK should qualify for this job sorting. It’s not the customers fault this problem has occurred.

    1. Hi John,thanks for getting in touch.

      We have spoken to Vantage Toyota Leeds, they should be speaking with you soon.

      Thanks,

      Toyota UK

  4. Hi ,
    I had my two lexus NX cars got stolen recently within 4 months from each other, both by CanBus hack. I am now thinking of buying a Toyota CHR, but not too sure if this would be easily targeted. Can you please advise if the LM24***, would be vulnerable?

    1. Hi MM,thanks for getting in touch.

      We are terribly sorry to hear that you have been affected by this awful crime.
      The Toyota C-HR details you provided is not vulnerable to CANbus theft.

      Thanks,

      Toyota UK

  5. I live in London and had my 2019 RAV4 stollen last summer and the police told me it was likely due to the can bus, which had become a big issue.

    The team at the Toyota dealership told me they were unaware of the issue and I couldn’t believe a company like Toyota would leave its customers exposed to a known issue like that of their own design, so I bought a replacement RAV4. Sadly, that was my mistake as the replacement was stollen two nights ago.

    I have now seen the press and this statement and don’t understand why Toyota didn’t email me once the statement came out to tell me to come and get the enhanced security feature fitted (I get enough other emails from Toyota suggesting new vehicles to buy, reminding me of service dates, etc).

    It’s essentially criminally negligent to sell these cars knowing there’s an issue and not to seek to address it proactively.

    1. Hi Tom,thanks for getting in touch.

      We are terribly sorry to hear that you have been affected by this awful crime on more than one occasion.
      Please be assured this is a matter that we are taking extremely seriously.
      We are continuously developing technical solutions to make our vehicles more secure and reduce the risk of theft.
      While we understand theft can be highly upsetting, in such instances customers are first and foremost victims of crime.
      Once again, we are really sorry that you have been affected by this horrible crime and for any distress this may have caused.

      Thanks,

      Toyota UK

      1. Toyota team,
        It’s great that you’re developing solutions to make vehicles more secure, it’s just so disappointing than you haven’t proactively reached out to customers to let them know these are available (and have dealers claiming the issue doesn’t exist) – that puts customers in a really vulnerable position.
        I was lucky to get my second stollen RAV4 back, although have just received the results of the vehicle health check from the dealership, which is a £5,000 bill to replace the steering wheel and fit a new telematics unit.
        In addition to the disappointment that customers are not being proactively warned of this known risk, it seems like you are now profiting from the costs of repair work caused by it as well.

      2. Hi Tom, thanks for your comment.

        We’re really sorry to hear that you have been a repeat victim of this crime, it is something that we are continuously looking into. As for the Vehicle Protection Plate on eligibile vehicles, we gain no profit from this fitment.

        Thanks,

        Toyota UK

  6. I went to the Malvern spring festival and was approached by a fellow Toyota RAV4 owner who asked if I had had the Cam bus plates fitted and explained what they were and what could happen if they aren’t fitted. I must confess that I hadn’t heard of this but as I’m having a service I contacted my dealership who said that they would fit them but would charge £70 to do so as I hadn’t had a letter from Toyota pertaining to this possible issue.
    Like other readers I am astonished to see that it has to be a customer lead feature having these fitted. I have authorised the garage to fit them begrudgingly!

    1. Hi Andrew,thanks for your comment.

      We have spoken to bookings team in relation to the vehicles’ visit. They will let you know on the day.

      Thanks,

      Toyota UK

      1. I was astonished but extremely pleased when I received a phonecall from Toyota head office thanking me for the message I’d posted and said that they had been in touch with my dealership reference the theft deterrent. As a Toyota owner since 1983 it was very refreshing to see my loyalty to the brand both acknowledged and rewarded in this way. Thank you Toyota.

  7. Hi, I have just signed the paperwork to buy a Rav4 at a Toyota dealership and joined a Facebook group and was alarmed to read about the design flaw in the 2021 model, surly the dealership should have communicated the problem to me, “buy-the-way criminals can steal your car in 120 seconds” I understand there is a retro fit protective plate over the connection but as an electronics engineer this is only a sticking plaster over open-heart surgery when will the underlying design flaw be addressed. I am considering cancelling the Toyota and letting everyone I know on social media know about this problem with Toyota cars.

    Thanks

    1. Hi Andy,thanks for getting in touch.

      Please could you provide the registration number of the vehicle you are considering to purchase.

      Thanks,

      Toyota UK

  8. Hi,booked our rav 4 in for can bus security plate to be fitted along with scheduled servicing work only to informed when the car was returned that no plate is available for our model, even after we’d been quoted £70 for fitting, so is there a plate and if not when can we expect one to be available, registration is Ys18***,thanks,mick.

    1. Hi Mick,thanks for getting in touch.

      Based on the details provided your vehicle is not vulnerable to the CANbus method of theft.

      Thanks,

      Toyota UK

    1. Hi Wes,thanks for getting in touch.

      Please could you provide the registration so we can check. Please note we can only look up UK sold vehicles as the XLE grade is for the US market.

      Thanks,

      Toyota UK

      1. Ok. This is US. I’ll assume mine is affected. That said… it is going to be incredibly disappointing to have to pay out-of-pocket for whatever security fixes are coming as a result of this. Aside from the general paranoia of leaving the car locked in public parking lots I’m hearing of insurance premiums going up as result of how downright trivial it is to steal these vehicles.

        If anything this calls for some type of recall. It’s just not fair to the customer.

  9. What about mine?
    It is vulnerable for CAN attack?
    *******, Please delete the car reg after read this

    1. Hi M.R,thanks for getting in touch.

      Your vehicle is deemed as vulnerable to CANbus theft.
      We are currently working on further security enhancements, but have no update to offer at the moment.
      Please keep an eye on this page for any updates.
      You may wish to have a read of the following article to assist in the short term: https://mag.toyota.co.uk/car-security-advice-and-tips/

      Thanks,

      Toyota UK

Leave a Reply

Your email address will not be published. Required fields are marked *

To be the first to hear about all of our latest news, offers and events, check the box below, we’ll send these communications by email, phone, SMS or post. Be assured that Toyota will only share your personal information with companies that are an integral part of fulfilling the services we deliver. If you would like to find out more about how we process your data please visit our privacy policy for details.

I understand that I can unsubscribe at any time.