LANDCRUISER THEFT EPIDEMIC
Dealing with the recent wave of thefts targeting the Toyota LandCruiser 200, 300 and 250 Prado
2024 and 2025 have seen a huge increase in thefts targeting modern vehicles, with Toyotas in particular being targeted in Australia. This includes the LandCruiser 200, the LandCruiser 300 and the new LandCruiser 250 Prado.
It was probably only a matter of time before the security systems of these vehicles were compromised, and that has certainly occurred now. Police in Victoria report a near 100% increase in LandCruiser thefts over the 2024 year, and it's only further increased in 2025 now that the 300 and 250 have been compromised.
Read on below for a description of the problem, some countermeasures you can take, a guide to the (lack of) actions by manufacturers, plus a statement on the issue from Toyota Australia.
Affiliate link notice: This page contains eBay affiliate links, for which I may receive a commission if you click on a link and make a purchase of any item on eBay. The price you pay is unaffected.
LANDCRUISER THEFTS - HOW ARE THEY DOING IT?
The electronic security systems in modern vehicles improved security for a while, but once compromised, they provide ready access to the entire model range. Most brands have some level of susceptibility via (now) well-documented vulnerabilities in the vehicles' data systems.
LANDCRUISER 200:
The majority of LandCruiser 200 thefts are achieved through forcing entry to the vehicle, then accessing the OBDII port located under the dashboard. After accessing this port, the thieves reprogram the security system, start the car and drive off. The tools to achieve this are readily available and cheap to purchase.
200s can also be stolen using the 'key fob relay' method, where a pair of devices can be used to relay the signal from the factory key fob, if the thieves can get close enough to one of the authorised key fobs (for example, through a house window or the side of a caravan).
I understand that some 200-series variants are also susceptible to the CAN injection method used for the 250 and 300 series.
LANDCRUISER 250 and 300:
Thefts of the 250 Prado and 300 are more sophisticated, and almost exclusively use the CAN Injection attack method. The thieves access the vehicle's CANbus data system through wiring looms located at various places around the vehicle. They don't actually need to force entry to the interior to use this method. The most common access locations for the 300-series seem to be the front headlight assembly or the passenger door (by cutting a hole in the door), while for the Prado 250, it's via a hole cut into the rear tailgate.
After accessing the system, the thieves can unlock the car, start it and drive off by making use of a device which sends ("injects") fake commands into the CANbus security and powertrain modules. They also disable the inbuilt "Toyota Connected Services" tracking system. If you want a detailed description of a CAN Injection attack, read this article.
The 250 and 300 aren't really susceptible to key fob relay attacks, as their key fobs enter sleep mode after a few minutes of inactivity.
LANDCRUISER THEFTS - COUNTERMEASURES
Let's start with the bad news: If someone really wants your car, there's not much you can do about it. Dragging it onto a tilt-tray is always an option! But there are many steps you can take to delay them, making it less likely your car will be taken over one that's easier to access:
OLD-SCHOOL KILL SWITCHES:
By far the cheapest option, and quite effective. All modern vehicles have a number of circuits that must be powered (or provide the appropriate signal) in order for the vehicle to start. Options are varied, but include things like brake pedal switches, gear position switches, starter-motor power supplies, starter solenoid circuits, injector power supplies, ECU power supply etc. Best that I don't give specific instructions for this one, or I'd just be providing a guide for the thieves. But if you're reasonably handy with auto electrical systems (or speak to an auto electrician), you should be able to find an appropriate circuit to cut, insert a manual kill switch, and hide that switch somewhere in the vehicle. Then you need to switch it on and off as required to secure the vehicle.
Obviously, the security of this option depends on the method and switch location remaining secret.
STEERING WHEEL LOCKS:
Sticking with the back-to-the-future theme, there has been a resurgence in the use of steering wheel locks. There are a number of different versions available these days, from those resembling the original 'Club' lock, to a locking cable version, or a "T-Type" that wedges the steering wheel to the dash.
All of these items just add a bit of a delay, but being visible may act as a deterrent and cause the thieves to move on. Unfortunately, they are also an inconvenience for the owner, at a time when we've become used to just getting in the car, pushing a button, and driving away.
OBD2 PORT BLOCKERS AND DUMMY PORTS:
For the LandCruiser 200 specifically, blocking access to the OBDII port with a locking cover can provide some additional security. I would recommend one that uses multiple screws, as this further delays theft, even if the person has a selection of tools with them. Removing the OBD fuse or inserting a kill switch into its power supply will also limit the functionality of the port, although it will have to be replaced for service access.
If you have a device plugged into the OBD port (such as a scan gauge), then de-mounting the port from its regular location and cable-tying it well up inside the dash can also cause some delays, particularly if you replace the removed port with a dummy port (see next paragraph).
Dummy (fake) OBD ports look like the real thing, but do nothing. Simply relocate the factory OBD port, and put the fake one in its place. They are powered, so will seem real when a device is plugged in, but are not connected to the ECU, so can't compromise security.
IMMOBILISERS:
I would use caution if considering a self-installed, off-the-shelf start inhibitor kit, only because if these kits become common, it's a simple matter for the thieves to familiarise themselves with their method of operation and location by buying one for themselves.
There are however a number of sophisticated immobilisers available which claim to secure against CAN injection attacks, and can only be installed by an authorised dealer network, helping to maintain the security of their systems.
- GHOST immobiliser: Operates by requiring a PIN code to be entered via factory buttons (such as steering wheel buttons). This is a bit inconvenient every time you start the car, but they do provide a high level of protection.
- IGLA immobiliser: Uses a mix of Bluetooth key fobs, smartphones and/or PIN button codes to secure the vehicle.
- Stealstopper immobiliser: Uses an in-car module combined with a Bluetooth connection to your phone. It deactivates automatically when your phone is in the car, so less of a hassle than entering a PIN each time you drive, but costs a bit more than the Ghost.
TRACKING DEVICES:
The thieves disable the factory Toyota tracking system immediately. However, adding a third party alternative could be more successful. There are several options available (listed from cheapest to most expensive):
- Tags: Simple tag trackers such as the Apple-compatible AirTag, or Samsung-compatible SmartTag are cheap, basic devices which connect to mobile phones in the vicinity, and 'use' them to track and relay their approximate location to the owner via a phone app. AirTags will work with Apple devices, and SmartTags with Samsung devices. Ensure you disable the speaker in the AirTag or SmartTag before installing it, to reduce its chance of being discovered.
- Cellular Trackers: There are a wide variety of 4G-based cellular tracking devices available online. These are hidden inside the vehicle, connected to power, and can be tracked remotely using a phone app or via return text message. These devices work anywhere within the mobile service footprint of the chosen carrier, and require a mobile service plan.
- Satellite Trackers: There are a few satellite tracking systems on the market, including the Iridium Edge, or the Spot Trace. The Iridium provides better coverage than the Spot, but costs substantially more, both initially and per month.
WHAT ARE MANUFACTURERS DOING ABOUT CAN INJECTION THEFTS?
Unfortunately, the answer seems to be very little, despite ample warnings and even 'real world' hacking events dating back more than a decade.
Security experts began warning of the potential for CANbus exploits as far back as 2010. Security measures and encryption options have been available since at least 2012.
Numerous articles and warnings have been published in assorted security papers and publications from 2011-onwards. See here, here, here, here, here and here for some examples.
Specifically dealing with Toyotas, a UK computer security expert published a comprehensive report and provided solutions after his own RAV4 was stolen back in 2022. He claims to have contacted Toyota to provide the relevant information on the method and potential solutions. His article has been widely reported in security and automotive publications since 2023.
Yet here we are in 2025, and apparently no security measures to eliminate CAN Injection attacks have been implemented by Toyota (or any other manufacturers). Thousands of vehicles have been stolen in Australia alone using CAN Injection and OBD hack methods. One can only assume that the numbers globally must be in the tens of thousands.
QUESTIONS FOR TOYOTA, AND THEIR RESPONSE
When researching this article, I contacted Toyota Australia and asked them a series of questions as follows:
1. Is Toyota aware of the CAN injection method thefts of LC300 and Prado 250 vehicles, including the vehicle access methods used, and the disabling of the Toyota vehicle tracking systems?
2. I have found articles claiming that the CAN injection attack vulnerability has been exploited on Toyota vehicles dating back to at least 2022, and that Toyota (global) have been aware of this (and some potential fixes) since at least April 2023. Is this correct?
3. What steps (if any) is Toyota taking to eliminate this vulnerability in current and future vehicles?
4. If a fix is under development, how will it be implemented (ie, via a recall, TSB etc?), and what is the expected timeframe before it is released?
5. If a fix is under development, will it be provided free of charge for existing vehicles, and will it be provided to all susceptible models (including those since-discontinued, such as the LC200)?
Unfortunately, Toyota did not address the specific questions I posed, instead responding with the following statement:
The safety of our customers and the wider community is of the highest priority for Toyota.
Toyota Australia has been proactively assisting Police with their enquiries into these serious crimes.
We continuously review and update vehicle security features to support our customers in the ongoing prevention of vehicle theft.
I certainly hope Toyota are doing a lot more behind the scenes than their statements on the issue suggest. Because given the enormous cost of these thefts to their customers, they certainly should be working 24/7 to develop and deploy a security update for their vehicles at the earliest possible opportunity. If they don't, then I can only imagine that a class action lawsuit will be coming, sooner rather than later.
WHERE TO FROM HERE?
The very first thing you should do is contact Toyota (or your vehicle manufacturer) and demand that they take this issue seriously, develop a security update for their CANbus system as a matter of urgency, and that they deploy that solution to both new and existing vehicles.
If you're in Australia, Toyota Customer care can be contacted by phone on 1800 869 692 or via their Contact form. For other countries, check your local Toyota website.
In the meantime, I strongly advise you to install one or more of the countermeasures listed above.
I'll update this page as further information comes to hand, particularly if or when Toyota provide a fix for this vulnerability.