Toyota Runs a Car-Hacking Event to Boost Security (2024)
Source: toyotatimes.jp
Key topics: Automotive Security, Car Hacking, IoT Security
Toyota hosted a car-hacking event to identify and fix security vulnerabilities, sparking discussions on the challenges of securing modern vehicles and the industry's approach to electric cars.
Key moments
- Story posted: Oct 3, 2025 at 11:11 PM EDT
- First comment: Oct 4, 2025 at 1:36 AM EDT (2h after posting)
- Peak activity: 25 comments in 6-9h
- Latest activity: Oct 5, 2025 at 10:53 AM EDT
ID: 45470206 | Type: story | Last synced: 11/20/2025, 6:39:46 PM
Add in over-the-air updates or worse, updated Bluetooth or radio firmware, and you find things like stopping a vehicle remotely at highway speeds.[1]
[1] https://fractionalciso.com/the-groundbreaking-2015-jeep-hack...
I’ve been in this industry for 20-some years; not a single system I’ve ever seen operates like that.
CAN over IP does not exist in vehicles. IP over CAN doesn’t exist at all. UDS over IP does, but this is automotive Ethernet and an entirely different discussion.
With their current trajectory Toyota is headed at 1000mph directly towards being the next Blackberry, Kodak, Nokia or Blockbuster.
I say this as someone who owned a Prius for 10 years and loved it, and have also driven their hydrogen car. The BZ4X is badly named overpriced garbage, not enough and not good enough. The clock is ticking and they have to act yesterday to avert disaster and they're sitting there twiddling their thumbs.
Currently Tesla is the iPhone to Toyota's Nokia and they're going to have to work very hard very soon to turn that around or their company will die.
Also, most places now tax EV registration with an extra fee or per mile so you add a fair share towards roads, making hybrid TCO lower.
Toyota sells more cars than any other automaker. 2023 was a record sales year for Toyota. 2025 is looking like it will be another record year for them:
https://www.autoblog.com/news/nearly-900000-cars-sold-toyota...
Currently they only survive in the EU thanks to tariffs on Chinese cars.
And I would say the opposite about Tesla, they experienced the biggest selling drop of all brands combined, if there's one brand going to crash first, I'd bet on Tesla.
The Renault 4, Renault 5 and Megane seem really competitive.
The new Nissan Leaf (made in UK) also looks pretty good.
VAG seem to have lost the plot (“let’s replace all the controls with a small, janky touch system that leaks personal information to hackers”) but their ID.7 isn’t total crap.
Comparing Renaults to the Chinese brands I’ve seen (MG and BYD) the Chinese brands were a bit cheaper but they really felt it with cheap interiors and uncomfortable seats. I’d rather pay a grand more and get a car I like.
I view all cars as depreciating liabilities and so have little interest in buying either the Seal or its Mercedes equivalent.
Still, 5th is far from "eh" - on a test drive it ended up quite a nice Passat level car.
But all the bigwigs currently in Toyota are the age to have seen and lived that transition. It's not like they're new to battery tech.
And they say - wow look at that... nah, let's build hydrogen.
No, they're saying let's build cars. Because Toyota has been building hybrids for so long they already meet the fleet emissions standards they need to meet. There's no pressure on them to rapidly switch to BEVs.
BEVs will make up a greater percentage of Toyota's sales as time goes on. In the meantime, Toyota is perfectly happy setting company sales records.
I’m nowhere near the point of wanting an electric car to replace my hybrid. The convenience of petrol and the cost of electricity is too high. High electricity costs aren’t going to be fixed in my country any time soon so Toyota will continue to have a huge market here.
For long road trips I’ve never had an issue stopping to rest/stretch while fast charging for between 15-30 mins.
Compare periodic oil changes, spark plug changes, ignition coils, stolen catalytic converters, exhaust system, PCV system, air and fuel filters, brake pads, transmission fluid, and other ICE maintenance items with the electric drivetrain. At 120,000 km I've replaced the tires once and the brake pads look brand new. That's it. Even the windshield wipers are still in good shape for some reason.
Compared to that, EVs feel more like a Wi-Fi or WiMAX device that owners would say is daily drivable but only makes Discord calls. The overall situation more closely resembles PDAs before the iPhone.
It seems they know what they are doing. Toyota is a very profitable car manufacturer, with profit in 2024 more than Tesla and Volkswagen combined. Unlike Nissan, the maker of the best selling EV of all time, who is struggling very hard.
That being said, you can’t really compare the sales of all of Teslas to the sales of one specific form factor/model with any kind of seriousness. Nor do I think it’s a fair comparison to compare Tesla that has parted on various hype patterns over the years to tap the zealots into even becoming their free advertisement and marketing departments not unlike how Apple fanboy cult people at least used to be. Toyota is a mature, reasonable enterprise whose sales are orders of magnitude larger than Tesla’s and there are many people’s lives dependent on being reasonable when shifting things, not “disrupt” in a typical tech bro narcissistic way.
For context Tesla has roughly 2 million sales with 125,000 employees, Toyota has 11 million sales with 385,000 employees. I assume I don’t need to do the math for you.
And that’s without going into the various battery issues and the now conflicting electricity interests between EV and AI.
You’re counting customer-facing employees for Tesla and leaving them out for Toyota.
>And that’s without going into the various battery issues and the now conflicting electricity interests between EV and AI.
I do not understand what this means. Isn't the same gas used to power vehicles used to power turbines that provide electricity?
Japan can't build the batteries for BEVs at the necessary scale for global production. Yes, China controls lithium, but they also control some 95% of global battery grade graphite production, and anywhere from 60% to 90% production of manganese, cobalt, and nickel. Not to mention all of the components that those produce like the anodes and cathodes.
And the big problem with that is the Japanese genuinely fear there's going to be a war in the Pacific. A big one. Fearful enough that the Japanese government allocated $320 billion USD to be spent from 2024 to 2029 specifically to turn the JSDF into a proper military, and establish and sustain a new domestic military industrial complex.
The main flashpoint the Japanese are afraid of is a Chinese military attack on Taiwan, which leads to two major possibilities. Either the US intervenes with the military, or it does not.
If the former, then China has to find a way to take away as many of the US Navy's advantages as they can. One of which is the major resupply facilities for the US 7th fleet in Yokosuka. Push comes to shove then I have little doubt that the Chinese will launch missiles into the Japanese harbors to deny the USN and JMSDF capability of repair and rearming via kinetic means. But I'm certain they'd prefer to pressure the Japanese into reducing or removing the US presence from Japanese docks.
Pressure like, say, being able to potentially cripple the 10% of Japanese GDP that's in its automotive sector if hypothetically Japan was dependent on Chinese exports of BEV batteries. Not exactly with precedent either; China tried to cut off Japan from rare earth metals once (admittedly that backfired on China) and China's recently put on export license restrictions on graphite.
Like it or not, the Japanese know it, the Chinese know it, and even the US is fully aware of it. The US is right now building new US navy bases in the Philippines just in case Japanese harbors become denied to the USN. Also why the Japanese are building up their capability to strike not just far off Chinese naval assets but potentially into the Chinese mainland as well; the first of an order for 500 US-made Tomahawk missiles are already being installed right now on JMSDF destroyers.
On the other hand, if it's the former and the US chooses not to intervene... well it's gonna get very lonely for Japan out there all by itself.
You know the really sad part though? The Japanese were relenting a bit because they signed the US Japan Critical Minerals Agreement in 2023 which in effect promised no undue burden for the Japanese to get access to critical minerals. They just didn't dive head in because it was signed under the Biden administration.
Given the Trump administration's open hostility to BEVs, his erratic trade policies, and his open musing about withdrawing from mutual defense agreements (normally NATO, but not a stretch to think he'd extend that to the Japanese US one as well), I don't think they've made the wrong choice. Or rather more accurate that it's the least risky choice out of a bunch of awful choices.
https://www.ft.com/content/e33a2cbf-9a7e-4964-8914-c129d2947...
The absolute numbers are still small, but as momentum shifts to EVs, Japan's market share will collapse.
Toyota is following national direction where natural resources are scarce, including generating electricity. It's actually the government's idea to chase hydrogen as a viable alternative to dyno juice.
>With their current trajectory Toyota is headed at 1000mph directly towards being the next Blackberry, Kodak, Nokia or Blockbuster.
Lol absolutely not. Toyota is well positioned with their hybrids while also having EVs in the pipeline. Keep in mind that the great majority of the world population has no viable means to charge their cars either reliably, cheaply or at all. Hybrids make great sense in the great majority of use cases.
> Currently Tesla is the iPhone to Toyota's Nokia and they're going to have to work very hard very soon to turn that around or their company will die.
Oh FFS
Fixed that for you. I give Tesla another 2-5 years before their number is up and they'll limp along and become another also ran.
There's no way they can compete with what's to come and even what's happening now.
I have some friends, who are definitely not HN readers or avid followers of the EV market, and they've already swapped out their Teslas for BYD. It didn't take much for them to make the move. And what's coming is already far beyond what Tesla have on the table.
They had a good ride. And definitely should be credited with being the starting gun on one chapter of automotive revolution. But it's over for them (in the EV space). They know it too ... hence their attempted pivot to ... *insert flavour of the month*
To your point about BEVs, Toyota started producing BEV batteries at their plant in North Carolina this year: https://www.toyota.com/usa/operations/map/tbmnc
This sentiment doesn't match the practical reality. Toyota is the best selling automaker in the world.
In 2011 Toyota sold 7.9 million cars. In 2023 Toyota sold 11.2 million, a record sales year. It looks like 2025 might set a new sales record for Toyota:
https://www.autoblog.com/news/nearly-900000-cars-sold-toyota...
Toyota isn't getting the car business wrong. Toyota is getting it right.
BEVs will make up a greater percentage of Toyota's sales as time goes on. The notion Toyota somehow doesn't understand the car business is just false.
Have Tesla released any new models? The hot thing that people are waiting for right now is not really a new model, it's the return of the turn stalk. I mean I get that they sell well because there is a lack of options but if you take a step back, this is clown company behavior.
I bought a 2024 Toyota hybrid. I don’t care about electric vehicles and won’t bother reinvestigating them until 2034 at the earliest. I don’t see the problems with electric vehicles being solved anytime soon in the US.
Are current electronics (the consumer ones) good enough at scale to limit the time the round-trip car-key-car takes?
The only solutions I can see are software based keying and a mobile app or legally enforced security guarantees.
But the car manufacturers don’t give a fuck if your 3 years and one day old car gets stolen. You move to the next competitor, only for the same to happen in just over three years time. Repeat. Repeat. Repeat.
Wouldn't this require the phone to be trusted and not run unsigned software?
This does not solve the problem of the timing (but the sibling comment explained that this one has a solution)
They can't use a charger? (I imagine they'd wire one to an also stolen generator)
Then you assume they're gonna be in a car chase? That's not how most stolen vehicles end up.
Afaik most stolen vehicles either get quickly parted out at a chop shop, or are sent across a border (driven across borders or container shipped to another country), or used for other crimes, or they're joy rided around then abandoned. Basically all things you could easily do on a partial charge with a modern car mechanic's skills.
Is app + Bluetooth or the NFC cards inherently more secure than traditional key fobs?
I imagine that the car companies either had strong hardware constraints in the key fob, or no security competency, or no interest in investing there.
Once they have driven 100m what happens?
There are two main reasons for that. One is that if your key dies, you do not want your car to stop immediately; this is not safe. The second one is carjacking: you want the thieves to have a useless car further from you (that one is, I believe, just collateral or a second thought).
[0] - https://www.praetorian.com/services/automotive-penetration-t...
[1] - https://plaxidityx.com/
[2] - https://autocrypt.io/
It seems to me that the security of Tesla cars is pretty good, compared to that of the legacy automakers. You can't hotwire a Tesla.
Securing one computer is relatively easy when compared to the challenge of securing a veritable forest of hardware, as made by numerous suppliers.
Regarding the way that general attacks on car security systems happen, something has gone wrong with how all of it has been implemented. RFID works fine in many other applications, but they are doing it 'back to front' with automotive and it is just too easy to hack. I am not even sure it has been for features people really want. Remotely opening the car before you get in it has convenience value but we got in trouble with that.
Companies are responsible for their own security. You cannot try to hack them without their permission. Security researchers who do something like test the security of a car without the permission of the car manufacturer (like in this post) are committing a felony.
Also, companies are not responsible (liable) for their own poor security. If they do something like leak the private data of half the nation--shrug--what can you do?
How convenient for companies. It's literally a matter of national security; our national security is made worse by this status-quo, but at least companies aren't bothered by unwanted security researchers.
We need to pick a lane.
If companies want to be solely responsible for their own security, then they should also be solely liable for any damages done by their own poor security.
Or, we can recognize that security is really hard and make it a team effort and set up laws to protect security researchers, and then special "events" wouldn't be needed for security research; anyone could test the security systems at any time, and especially people would be able to test the security of devices they own.
Not a single sentence here is correct.
>We need to pick a lane.
I imagine OP would likely agree it isn't actually that monotoned and this was done for rhetorical purposes.
citation needed
Source: DMCA: https://www.law.cornell.edu/uscode/text/17/1201
I'm sure that spending a few hundred thousand dollars on lawyers might find a legal loophole, but I wouldn't count on it.
Why is it illegal to break the encryption of video game consoles? Whatever the answer is, the same can be applied to breaking the encryption of a car.
To your point, would most researchers want to spend lawyer money to test that? Surely not.
Remember this? https://www.vice.com/en/article/this-is-the-hacking-investig...
A reporter pressed F12 to view the source of a web page and the Missouri governor spent months trying to charge him with a crime as part of a "felony investigation". Full weight of the state on his shoulders because he revealed something embarrassing about the state.
In practice if you embarrass a company, they will crush you legally. And sure, after you spend a few hundred thousand dollars on legal fees you'll probably win, and the company will have to say "our bad lol", but you'll still be out the legal fees.
IIRC Sony lost that court case where the Navy turned their Playstations into a supercomputer.
I'm not trying to argue, but I'm trying to state my understanding so someone can better help me understand. I really do want to know how many crimes I've committed lol
The immobilizer is the single best piece of technology for preventing car theft. If you create a backdoor for bypassing it, you'll end up like Hyundai/Kia which decided to sell cars without the immobilizer in recent years and which have turned into a joke in the minds of potential customers.
It does not require a battery in most cases and is separate from the keeloq system that controls your car's doors.
When that battery dies, you can press the fob directly to the start button and it uses a “receiver powered transmitter” RFID in close proximity to start and run the vehicle.
Most people don’t know this, so when that battery dies they panic and suffer.
In my experience virtually everything made in last 15 years will either support this RFID backup or have a spare physical key hidden inside the keyless fob.
Lots of them will even let you press the dead key against some part of the exterior to unlock the doors too.
They just left that same antenna in place (in Chrysler+ anyhow, called SKIM) now as a backup instead of the primary.
You instead need to hold the fob up to the start button and it will work passively, rather than just being in the car normally. Glad they still give manuals with cars as I had to learn that without service.
What you describe would be exactly reason #1 I would immediately say to anybody on topic of why not saving desperately on such a thing, despite never being in such situation myself.
Sometimes learning from others' mistakes should be enough. No, mostly it should be enough.
Edit: RFID should not need battery…you can reprogram your own key by jumpering the correct OBD2 pins..process takes about 20 minutes…
[1] https://arstechnica.com/gadgets/2022/08/review-latest-lenovo...
[2] https://www.synaptics.com/company/news/selene-lenovo-power-b...
Then we could also talk about encryption, but at least making it a tad more difficult to have physical access.
Not that Toyota is the only one. If you ever notice a car that has a reinforced grill protecting the front RADAR, or the rear lights... now you know why.