|
I wanted to provide an update regarding the theft of motor vehicles, which members around this area have highlighted as an issue of concern on the Met Engage priority survey. CAN bus vehicle theft is a modern hacking technique where criminals gain physical access to a vehicle's internal network (the Controller Area Network, or CAN bus) and inject fake messages to bypass security systems like the engine immobilizer. This allows them to unlock the doors and start the engine without the actual key fob, often in minutes.
Vehicles particularly vulnerable to "CAN bus injection" theft techniques primarily include certain Toyota and Lexus models, as well as some high-performance Dodge/Mopar vehicles, particularly those manufactured before security updates were implemented (around late 2022).
Thieves exploit a vulnerability where they can access the car's internal network (CAN bus) via an external port (often in the headlight assembly) and send malicious messages to unlock the doors and start the engine without a key fob.
Vulnerable Models
Specific models identified as being at higher risk of CAN bus theft include:
Toyota:
• RAV4: Especially models between April 2019 and October 2022.
• C-HR: Models from October 2016 to October 2022.
• Land Cruiser (including the 150 and 300 series).
• Prius
• Highlander
• GR Supra
Lexus:
• NX (all generations, including newer models as devices have been updated to target them).
• RX
• ES
• LC / LC-C
• LS
• RC
• UX / UXe
Other Manufacturers:
• Dodge Charger and Challenger (high-performance versions are often targeted).
• Range Rover/Land Rover models (access is reportedly done via the tailgate/rear light clusters on some models).
• Certain Hyundai and Kia models, though these are more commonly associated with other keyless entry attacks using emulator devices.
However any keyless model could be vulnerable to this type of theft.
How to Protect Your Vehicle
Manufacturers and security experts recommend several measures to mitigate the risk:
• Manufacturer Solutions: Toyota and Lexus offer "Vehicle Protection Plates (VPP)" to block physical access to the vulnerable wiring and, in some cases, a CAN bus gateway blocker module, which can be installed by contacting a local dealership.
• Physical Deterrents: Use a physical steering wheel lock or a wheel clamp, as these visible deterrents can make thieves move on to an easier target.
• Additional Immobilisers/Trackers: Install an aftermarket, professionally fitted immobiliser or a secondary tracking device that the thieves may not be aware of. Ghost immobilisers are a secondary security device in addition to the manufacturer’s standard security.
• Secure Parking: Park your vehicle in a well-lit area, a garage, or a secure car park whenever possible.
• Faraday Pouch: Store your key fob in a signal-blocking Faraday pouch to prevent "relay attacks," although this does not protect against a direct CAN bus injection once physical access is gained.
 We know that people can be concerned about the personal and financial impact of having their vehicle stolen, which is why we will pursue and arrest those who break the law. Please consider taking the following steps to keep your vehicle safe: Check that your vehicle is locked and secure every time you leave it. Thieves often look for easy opportunities to steal from vehicles. They will usually try the handles until they get lucky and find one that has been left unlocked. Keep your keys safe, out of view when at home and away from your front door. If you have a keyless entry vehicle, keep the key well away from the vehicle while at home and turn off wireless signals on your fob when its not being used. Consider putting the keys in a screened or signal blocking pouch, such as a Faraday Bag and check that it is still working every few months. Park your vehicle in a private garage if you can. If you don’t have access to one, try to park in a well –lit open space. Try to use public car parks that are part of the police approved Park Mark safer parking scheme. Secure your number plates with tamper resistant screws to avoid them being stolen and used by others.
If you ever experience this issue or have information regarding an incident, please report it using our online reporting tools at https://www.met.police.uk/, speak to an operator in our Force Communications Room via our online web chat or call the non-emergency number 101. Alternatively, you can stay 100% anonymous by contacting the independent charity Crimestoppers on 0800 555 111 or via their untraceable online form at crimestoppers-uk.org. We are working on our brand-new strategy for how we police London and we want your help. Our New Met for London: Phase 2 strategy will guide how we deliver on behalf of Londoners over the next three years. | 
