Photo: Pakutaso
crime

Japanese police struggling with growing number of 'CAN invaders' used to steal luxury cars

34 Comments
By SoraNews24

In July, news broke about a man who was arrested for driving a stolen Lexus to steal another Lexus, which triggered a lot of talk about how often these types of luxury cars seem to be the targets of thieves in Japan. Personally, the one thing that bothered me about video of that incident was what the suspect was doing down near the wheel.

▼ In the security camera video we see the thief peel back the fender but then they cover up the camera to hide the rest of their work.

Now a recent arrest which is said to be among the first of its kind in Japan, might shed some light on why the not-so-humble Lexus seems so theft-prone. The two suspects, a man from Sakai City, Osaka Prefecture, and Saitama City, Saitama Prefecture, are accused of using a “CAN invader” to steal a Lexus RX from a parking lot in Chiba Prefecture on Feb 2.

“CAN invader” is the Japanese term for a device car thieves use to hack into a car’s controller area network (CAN) bus, which is the internal network that connects all of its components, from its ignition to its AC. We often don’t think about how computerized the average car has become, but it runs on volumes of coding comparable to that of a desktop operating system. Luxury cars, with all their comfort features, are even more integrated.

However, many automobiles tend to lack the same level of cybersecurity that personal computers enjoy. Even worse, the CAN sends data through the car’s regular wiring, which means it can be accessed simply by patching a CAN invader into any wire a thief can get their hands on. In the case of the those arrested, the headlights were a relatively easy access point from under the front bumper or through the wheel well.

▼ As we can see in this news report about the arrests, CAN invaders also come in stylish pink models.

From there the CAN invader simply overrides the car’s security and gains access to everything, especially its locks and ignition, both within minutes and without causing any suspicious damage to the vehicle in the process. If the spate of thefts over the last year or so is anything to go by, it looks as if thieves have figured out the setup for the Lexus CAN bus in particular, and are having a field day stealing them.

The fact that it can be done fairly quickly and without a fuss is also making it very hard for the police to catch thieves who use CAN Invaders. The Hyogo Prefectural Police say that over 192 luxury cars have been stolen in this way all over Japan, amounting to 950 million yen in damages.

There are ways to protect against this, however. A trusty steering wheel lock might do the trick if a particular thief’s manual skills don’t live up to their digital ones. Third party engine immobilizers, that shut down the car when a theft attempt is made, are likely not affected by the CAN invader and also protect against the second most common method of relay thefts. This is where thieves boost the remote signal from the owner’s keys to make it seem like they are near the vehicle, thus allowing the doors to open and engine to start.

▼ Demonstration of an immobilizer on a cousin of the Lexus, the Toyota Highlander

But most importantly, it will be up to the manufactures to develop more securely encrypted internal networks for their vehicles in order to keep up with their ever-increasing sophistication. After all, it’s their cars’ reputations that are on the line.

Sources: Yomiuri Shimbun, Asahi Shimbun, Chunichi Shimbun

Read more stories from SoraNews24.

-- Happy ending for Japanese man whose sports car was stolen right before his eyes

-- Nagoya man driving stolen Lexus RX steals Lexus LX

-- Lexus creates $1,350 luxury randoseru Japanese backpack with material from its iconic sports car

© SoraNews24

©2021 GPlusMedia Inc.

34 Comments
Login to comment

Gone in more 60 seconds but still gone.

7 ( +8 / -1 )

cant most modern cars be tracked by gps? I have an app for my car that shows me exactly where it is. Simply show the cops and they can track the thieves.

5 ( +7 / -2 )

...controller area network (CAN) bus, which is the internal network that connects all of its components, from its ignition to its AC

This why I like my simple K van which is pretty much all analog aside from the windows. In the future, I hope they keep the simpler "basic" vehicles available as an option and which sell for a lower price.

13 ( +14 / -1 )

This is not a problem for the Police. This is maker's design/security problem. Considering the fact that we no longer live in a honorable society, they should have foreseen this problem!!! If I pay 10~15 million yen for a car, I expect it to be theft proof!

Secondly, the maker's GPS tracker can be disabled by the thieves, so it would be a good idea for the owners of current vehicles to install an independent battery powered GPS tracker and hide it somewhere like the rear brake light.

8 ( +9 / -1 )

@Ramzel

cant most modern cars be tracked by gps? I have an app for my car that shows me exactly where it is. Simply show the cops and they can track the thieves.

The thieves must know this as well, so they'd be pretty stupid to bring the cars back to their homes or base of operations.

7 ( +7 / -0 )

This is not a problem for the Police.

Yep only stolen bikes

12 ( +14 / -2 )

The automobile theft industry still well and alive progressing just as much as the automakers themselves, in fact in some cases the two industries work together.

-2 ( +2 / -4 )

So what about all the street and high way cameras can they not trace the vehicle and it license plate by using good old hard police work and review footage?

3 ( +3 / -0 )

It's really easy to steal a car in Japan (easier than bike), you just have to go to the parking lot of a combini or a supermarket and look for cars with nobody inside but whose engines are running. There is almost always one !

13 ( +14 / -1 )

So what about all the street and high way cameras can they not trace the vehicle and it license plate by using good old hard police work and review footage?

I don't mean to laugh at this, I'm sure you mean well. I had a bike stolen from my apartment a few years back. I found out who had stolen it (a neighbour), and where and when they had sold the bike (at Hard Off). Despite me doing their hard work, and despite Hard Off saying that the cops only need to ask, nothing happened.

In the end I just knocked on his door, looked vaguely menacing and he soon repaid me.

10 ( +10 / -0 )

Motto of the Bōryokudan?

“Yes we CAN”

3 ( +5 / -2 )

Modern car keys have an rfid code in them and the car is not supposed to be able to start without the correct rfid code. This was done to prevent thieves from busting the ignition lock and stealing the car. Many modern motorcycles have this feature too. If you try to start your car with the spare key for the trunk that has no rfid in it the car won't start. So now I am wondering if these CAN invaders are also able to defeat this security feature?

2 ( +2 / -0 )

MarkToday  08:29 am JST

The automobile theft industry still well and alive progressing just as much as the automakers themselves, in fact in some cases the two industries work together.

"..............in fact in some cases the two industries work together."

Can you explain that please, preferably with some evidence?

1 ( +3 / -2 )

This is not a police problem, CAN hacking is more of a security design problem (simplistically, the manufacturer). This will happen everywhere in the world. In order to prevent CAN hacking, the police had to be present at each car, see it being hacked, identify it as hacking and respond. And that is simply impossible.

However, what the police can do is check the VIN. The Japanese police don't normally check VINs during routine roadside checks, and from what I hear, they didn't even have a unified system of checking cars by VIN (and thus detecting stolen cars) in 2019. The car is reported as stolen, thus the VIN is "marked" and only removing it will help. The location of the VIN is not the same for all cars, it even varies by model revision. So removing/changing it is more complicated than, say, changing a license plate. But that would require the Japanese police to have an integrated and unified infrastructure and database connections. And that is quite a problem with all the FAX thingies..

3 ( +3 / -0 )

Best prevention is to take 4 tires and battery out of the car and put them in strongbox and steering wheel is locked when you park it home.

3 ( +4 / -1 )

This is real RnD. Maybe those firmware and software engineers from TMC and the suppliers would know how to do this, especially if they made the specifications, did the validation testing. Maybe some of the specifications got past the security checkpoints around gihon. A Foreign resident engineer from a foreign supplier designing a key ECU was once tapped on the shoulder one day by the chief engineer for cyber security. He asked him what is your company’s test spec for cyber security? TMC didn’t actually have any cyber security specifications until 2019 for the first time, can you believe that? And of course they just copied what the resident gave them. It’s not as hard as you think if you understand how the electrical architecture works and with all the CAN sniffing devices out there all you need is a good software engineer or two and a hardware expert. Start your impossible!

2 ( +3 / -1 )

This is what I really hate about how over-engineered things like cars are today. They make our lives more inconvenient than they need to be.

My old car back in the 90s:

Simple lock opened with a small key that cost the company almost nothing to produce. Key fit neatly onto a ring in my pocket. Not impossible, but messy and difficult for a thief to break into.

My wife's current 2017 model car (I don't drive):

The key is like a big remote control that needs batteries and is clunky and inconvenient to carry around in your pocket. The technology probably cost millions in R&D to develop and the things themselves cost more to produce than a regular key, yet they offer no tangible functional benefits to justify this. And now we learn that the overall system makes breaking into cars a much cleaner, hassle free experience for thieves.

5 ( +6 / -1 )

The key is like a big remote control that needs batteries and is clunky and inconvenient to carry around in your pocket

I think they should put back the manual lock and keys back at least as an option for users to use. And biometrics , probably fingerprint as primary way to open, practically all new phones and tablets have them

3 ( +3 / -0 )

Yes, my Lexus was hacked just the other day. Fortunately my backup vehicle, a Maserati which goes 185, was not touched. But I lost my license so now I don't drive.

2 ( +5 / -3 )

Does anyone here think perhaps these criminals can be convinced to work with society instead of against if properly financially rewarded? I do

-2 ( +1 / -3 )

very easy to put a fuel pump kill switch & steering lock did that on a car I owned in my home country, it was a high risk of stolen vehicle, broken into twice but the gave up.

2 ( +2 / -0 )

Japanese police struggling with growing number of 'CAN invaders' used to steal luxury cars

With this sort of thing, I am not exactly crying for the owners. If the manufacturer of these contraptions make they so easily hackable, live with it. Or install a good old pad-lock. Yep, that does not look very elegant, too bad.

1 ( +2 / -1 )

Smart, but very sloppy thieves! The owners of these cars could probably sue the car companies for not making such a valued asset more secure!

1 ( +1 / -0 )

As Ive posted before, my son worked in the UK at an car audio place where they saw this on a regular basis, thieves would and can take a car in just 2 seconds, no smashing the windows and hot wireing the ignition, etc, its simple, cars that have keyless entry are the easiest to take, why? the key fob is sending out a signal to the car, and when the car picks that code up, it will burst into life, but the down side is you can buy a code reader of a web site, all they have to do is be near you when you press the button, or your walking out to the car they pick up the code and then latter that night, transmit that signal to the car, the car thinks it you and hay presto, you hard urnt cash is being driven down the street. in some cases they just drive up your street, your key fob is still transmiting a signal!!! put in a steel box so they cant pick it up. Some co wont even insure range rovers any more because they are that easy to steal. i have an oldish Volvo, its got a key, the longer it takes to get into a car the crooks become less interested. BMW have a good system, the key fob and car change the coding every time you dress a botton on the key fob, so if a crook picks up the code, it will change, which makes it harder to steel.

2 ( +3 / -1 )

Same thing happened to me.

zurcroniumToday  12:08 pm JST

Yes, my Lexus was hacked just the other day. Fortunately my backup vehicle, a Maserati which goes 185, was not touched. But I lost my license so now I don't drive.

-3 ( +2 / -5 )

Most car manufacturers can remotely shut down a vehicle. They don't advertise this, but when you buy a car, you do not buy the ECU hardware and software - that is proprietary to the manufacturer. If they can locate the vehicle using GPS, they can turn it off. This from a Japanese BMW sales rep.

-1 ( +1 / -2 )

If it doesn’t work analogically it also won’t work digitally. lol

-2 ( +0 / -2 )

I don't know if it still is, but the Prius used to be the most stolen car in Japan. Not because of high-end demand for it, but because it was very easy to steal. It was the first mass market car Toyota put keyless entry plus push-button start in, and someone cracked all the codes on the key.

0 ( +1 / -1 )

Cars are so computerized nowadays, it's not like the old days of putting one together in the garage

0 ( +0 / -0 )

No ‘CAN’ do. My car is locked solid, unbreakable.

Goes 365.

And I have my license.

-1 ( +0 / -1 )

To prevent Relay theft, put your remote keys in a well -sealed aluminum foil when not in use.

Better store your car in an inconvenient place for the thieves. A friend had a showroom along a kokudou just near a major highway entrance. Thieves used cranes to lift two luxury cars. They didn't need to start the cars.

0 ( +0 / -0 )

Seems to me Lexus could be opening themselves up to lawsuits, by not adding some sort of cybersecurity to their vehicles.

0 ( +1 / -1 )

Does anyone here think perhaps these criminals can be convinced to work with society instead of against if properly financially rewarded? I do

I sure don't. Based on what I have seen in the business world, you can give someone honest, legal options and dishonest, illegal options and there are some who will always chose the dishonest and illegal course of action. I have been in business situations like this and you tear your hair out because the dishonest course of action is actually costing the company more money than doing things the right way. It seems to be how some people are wired, dishonest by nature and worse still they get indignant if you are honest and refuse to go along with their treachery.

1 ( +1 / -0 )

To prevent Relay theft, put your remote keys in a well -sealed aluminum foil when not in use.

Lol, my wife is lucky if she even knows where she set her keys down last. We have a designated place for keys but she never uses it. Then it is a daily crisis when she can't find her car keys. I always tell her they must be sitting next to her glasses and wallet .

2 ( +2 / -0 )

Login to leave a comment

Facebook users

Use your Facebook account to login or register with JapanToday. By doing so, you will also receive an email inviting you to receive our news alerts.

Facebook Connect

Login with your JapanToday account

User registration

Articles, Offers & Useful Resources

A mix of what's trending on our other sites