Published:2020/03/30  Last Updated:2020/03/30

A vulnerability in TOYOTA MOTOR's DCU (Display Control Unit)


TOYOTA MOTOR's DCU (Display Control Unit) contains a vulnerability which is triggered by BlueBorne vulnerability.

Products Affected

2017 Model Year DCUs are affected.
These DCUs are mounted on the vehicles listed below:

  • Vehicle: LC, LS, NX, RC, RC-F, CAMRY, SIENNA
  • The period of time: October 2016 to October 2019
  • Region: Worldwide regions except Japan
For details, refer to [Vendor Status].


TOYOTA MOTOR's DCU contains a vulnerability which is triggered by BlueBorne vulnerability.


An unauthenticated attacker may cause a denial of service (DoS) condition or execute an arbitrary command on the DCU.
Certain vehicle operations may be conducted via DCU.
According to the developer, critical vehicle controls such as driving, turning, and stopping are not affected.

For details, refer to the information under [Vendor Status] and [References].


Update DCU
The developer states that the update fixing this vulnerability is available.

For the details, refer to [Vendor Status].


  1. Tencent Keen Security Lab
    Experimental Security Assessment on Lexus Cars
  2. CERT/CC Vulnerability Note VU#240311
    Multiple Bluetooth implementation vulnerabilities affect many devices

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Base Score: 8.2
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
Base Score: 6.5
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)


This analysis assumes that the attacker has the knowledge on internals of the targeted vehicle and its components, accesses the DCU via Bluetooth, and sends diagnostic commands to ECUs of the vehicle.
Availability impact is evaluated as "Low/Partial" since the developer states that the critical vehicle controls (driving, turning, stopping, etc.) are not affected.


TOYOTA MOTER CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
CVE CVE-2020-5551
JVN iPedia