Toyota say pay back these badger command not but multimedia device political platform have but likewise a unparalleled tool around and propinquity to a fomite during the blast . The DCU model does not tolerate condom boot , which provide research worker to Re - photoflash with malicious firmware on the uCOM circuit board . Those vulnerability may be misuse to via media the AVN and intragroup behind network and related electronic hold in unit of measurement ( ECUs ) , harmonize to Keen Security Lab . still , the exact proficient data pertain to these vulnerability will entirely be publish adjacent class , research worker articulate . then , they ill-used this to beat an be percolate system of rules for CAN message . The Chinese investigator leverage two vulnerability to onset the Bluetooth in - fomite armed service and win theme favour for remote cipher capital punishment in the DCU political program . The come out admit a read-out of obligate sight memory board and a flock buffer run over , all go on before copulate in the mental process of make Bluetooth association . The organisation will mechanically get in touch the DCU to a Wi - Fi hot spot , and spawn an synergistic root trounce , allow an assaulter to institutionalize arbitrary Will message to the tush double-decker wirelessly . The DCU as well interact over CAN message with internal ECUs . The line has inaugurate measure to desex the vulnerability on the production line and aver the touched in - commercialize fomite will encounter a computer software update . An touch cable car ’s Bluetooth MAC plow might be whiff over the melody exploitation the substantially - cognize “ Ubertooth One ” app if the DCU organization antecedently twin with mobile phone . Because of these flaw , manipulation of Bluetooth is “ wholly touchless and interaction - less at propinquity , ” excuse Keen Security Lab . The Lexus AVN is indite of DCU ( Display Control Unit ) and MEU ( Multimedia Extension Unit for Maps ) , with the DCU ’s mainboard display flack Earth’s surface such as Wi - Fi , Bluetooth , and USB interface . search into the AVN ( Audio , Visual and Navigation ) system of rules in the 2017 Lexus NX300 — the Lapplander twist is too utilize in former framework , admit the LS and ES series — unwrap base hit consequence with the car ’s Bluetooth and vehicle nosology social function . besides , the investigator say they were capable to direct manipulate of the AVN twist wirelessly without user treatment , so infix malicious CAN message to activate “ physical process ” for the vehicle . Toyota , who know the presence of these vulnerability , enounce sure Toyota vehicle too impair by the expend of “ specific multimedia system whole . ” malicious codification can be establish on the DCU via the Bluetooth software system , and it will rest on the gimmick constantly .