Shocking Lexus RX Theft Highlights Vulnerability in Certain Toyota Vehicles
This Lexus RX theft happened in less than 90 seconds thanks to a vulnerability related to the headlight wiring.
Thieves have long been known as a resourceful bunch, capable of figuring out ways to exploit all sorts of vulnerabilities in their never-ending quest to take our valuable goods from us and profit from them. This is particularly true of the automotive realm, where we’ve seen criminals figure out ways to hack into vehicles or simply take advantage of the fact that some are easy to steal thanks to poor design. The latest example of this became clear thanks to a video showing a Lexus RX theft after the thieves simply gained access to its headlight wiring.
All one has to do with a vehicle like this Lexus RX is pry the bumper away from the headlight just enough to gain access to that unit’s wiring harness, at which point they can simply plug in a special device that grants them access to a vehicle’s ECU. From here, they can remotely unlock the doors, start the engine, and drive away with little effort.
This particular issue reared its ugly head earlier this year when a couple of owners reported that it happened to their own Toyota-built vehicles, including a RAV4 and a Land Cruiser. Now, that’s precisely what seems to have happened to this Lexus RX, as the thieves used a device costing several thousands of dollars to inject fake CAN messages into the crossover’s CAN Bus network. These messages “trick” a vehicle into thinking that a trusted key is present.
View this post on Instagram
This prompts the CAN Gateway to believe that everything is just fine, and send messages to the vehicle to disable its immobilizer and unlock the doors. It also makes the vehicle think that a valid key is present, at which point they can simply drive away with their latest acquisition. As for what’s being done to thwart these kinds of attacks, automakers are working on ways to encrypt their CAN Bus networks and possibly even retrofit older vehicles in this manner, but in the meantime, it would certainly behoove Lexus and Toyota owners to be aware of this type of technique.