Removing the modem and GPS from my 2024 RAV4 hybrid

拆除 2024 款丰田 RAV4 混动版的调制解调器与 GPS

Modern cars are computers on wheels - they have more sensors than you can count and are constantly phoning home with telemetry data like your location, speed, fuel levels, sudden accelerations/decelerations, video footage, driver attention data from eye monitoring systems, and hundreds of other data points. Cars have inward- and outward-facing cameras. They have microphones. They have always-on modems. It’s all enabled by default with difficult or meaningless opt-outs, and your data is monetized through brokers like LexisNexis or Verisk. 现代汽车本质上是装了轮子的计算机——它们拥有数不清的传感器，并不断向厂商发送遥测数据，包括你的位置、速度、燃油水平、急加速/减速、视频片段、眼动监测系统的驾驶员注意力数据，以及数百个其他数据点。汽车配备了车内和车外摄像头、麦克风，以及始终在线的调制解调器。所有这些功能默认开启，且退出机制极其困难或毫无意义，你的数据则通过 LexisNexis 或 Verisk 等数据经纪商进行变现。

This all brings a host of security and privacy issues - here are some over the years: 这带来了一系列安全和隐私问题，以下是近年来的一些案例：

In 2025 Subaru had vulnerabilities allowing anyone to remotely unlock customers’ cars, as well as access the real-time GPS location and location history of the car. 2025 年，斯巴鲁（Subaru）被发现存在漏洞，允许任何人远程解锁客户车辆，并获取车辆的实时 GPS 位置及历史轨迹。
Car manufacturers share your driving data with insurance companies, which then increase your premiums. 汽车制造商与保险公司共享你的驾驶数据，保险公司随后会提高你的保费。
In 2023 Tesla employees internally shared camera footage of naked customers and other sensitive images. 2023 年，特斯拉员工在内部共享了客户裸体及其他敏感图像的摄像头录像。
In 2015 Charlie Miller and Chris Valasek famously took over a Jeep Cherokee with full control of the ignition, brakes, locks, steering, etc. 2015 年，Charlie Miller 和 Chris Valasek 成功接管了一辆吉普切诺基（Jeep Cherokee），完全控制了点火、刹车、车锁和转向等系统。
Mozilla detailed how 25 car manufacturers scored abysmally on privacy and how they collect data including “sexual activity, immigration status, race, facial expressions, weight and genetic information.” They sell this data to third parties and use it to build profiles about you covering “intelligence, abilities, characteristics, preferences, and more.” Mozilla 详细指出 25 家汽车制造商在隐私保护方面得分极低，它们收集的数据包括“性行为、移民身份、种族、面部表情、体重和基因信息”。他们将这些数据出售给第三方，并利用其构建涵盖你“智力、能力、特征、偏好等”的个人档案。
Tesla had a vulnerability in 2017 that allowed anyone to remotely see your car’s location, manage other features, and even summon the car to themselves. 特斯拉在 2017 年存在一个漏洞，允许任何人远程查看车辆位置、管理其他功能，甚至将车“召唤”到自己身边。
The Car That Watches You Back details how cars are now serving you ads, as well as collecting vast amounts of data about you. The Hacker News discussion about this article is what prompted this blog post. 《The Car That Watches You Back》一文详细介绍了汽车如何向你推送广告并收集大量个人数据。关于这篇文章的 Hacker News 讨论正是促成本篇博文的原因。

Now that we’re sufficiently motivated, what can we do about it? In this blog post, rather than relying on companies’ promises or meaningless opt-outs, we’re going to stop the data at the source by physically removing the modem (the DCM, or Data Communication Module) as well as the built-in GPS on my 2024 RAV4 Hybrid, so the car will no longer have the capability to send any telemetry data back home. Let’s dive in: 既然我们已经有了足够的动力，那该怎么办呢？在这篇博文中，我们不再依赖公司的承诺或毫无意义的退出选项，而是通过物理手段从源头切断数据传输——拆除我 2024 款 RAV4 混动版上的调制解调器（DCM，即数据通信模块）以及内置 GPS，这样汽车将不再具备向厂商发送任何遥测数据的能力。让我们开始吧：

Will the car still be functional?

汽车还能正常使用吗？

Yes. Depending on how different car manufacturers have wired their cars, how their software and firmware were written, etc., varying levels of functionality might be affected by removing the modem and GPS. For this car: 可以。根据不同汽车制造商的布线方式、软件和固件编写方式等，拆除调制解调器和 GPS 可能会对不同程度的功能产生影响。对于这款车：

Everything that relies on a data connection will no longer work. This includes things like over-the-air updates as well as Toyota cloud-based services and SOS functionality. 所有依赖数据连接的功能将无法使用。这包括 OTA 升级、丰田云服务以及 SOS 紧急呼叫功能。
This is a safety tradeoff - you’re disabling automatic crash notification and emergency calling. 这是一种安全权衡——你禁用了自动碰撞通知和紧急呼叫功能。
The car’s microphone is wired through the DCM, and in the absence of any other changes removing the DCM means the in-car microphone won’t work, which is inconvenient if you plan on taking calls in the car. However we’ll install a DCM Bypass Kit (discussed more below) to restore all functionality and have a working microphone. 车内麦克风通过 DCM 连接，如果不做其他改动，拆除 DCM 意味着麦克风将失效，如果你打算在车内接听电话，这会很不方便。不过，我们将安装一个 DCM 旁路套件（下文详述）来恢复所有功能并使麦克风正常工作。
CarPlay has a quirk: the phone uses its own GPS but also accepts a location signal from the car’s GPS unit. After removing the DCM, the car would get confused about its location and sometimes jump my position to the middle of Nevada (I live in San Francisco), making navigation annoying. To work around this we’ll fully disconnect the car’s GPS, so it can’t send a bad location to the phone. CarPlay 有个怪癖：手机使用自身 GPS 的同时，也会接收来自汽车 GPS 单元的位置信号。拆除 DCM 后，汽车会因无法定位而产生混乱，有时会将我的位置跳到内华达州中部（我住在旧金山），导致导航非常麻烦。为了解决这个问题，我们将彻底断开汽车的 GPS 连接，这样它就无法向手机发送错误的位置信息了。

From the title of the blog post you might have wondered why bother removing the GPS after we’ve removed the modem - who cares if the car has built-in location when it can’t phone home with that data? This is why. This is a well-documented bug with discussions on Apple Support threads as well as car-specific forums like rav4world. This bug affects more than just Toyotas, it’s a generic Apple bug even for people who haven’t removed their modem (but anecdotally removing my modem made the problem worse). 从标题你可能想问，既然已经拆除了调制解调器，为什么还要费心拆除 GPS？如果车无法向外发送数据，内置定位功能又有什么关系呢？原因就在这里。这是一个有据可查的 Bug，在苹果支持论坛以及 rav4world 等汽车论坛上都有讨论。这个 Bug 不仅仅影响丰田车，它是一个通用的苹果 Bug，即使是没拆除调制解调器的用户也会遇到（但根据我的经验，拆除调制解调器后问题变得更严重了）。

Removing the DCM and GPS may void parts of your warranty - just something to be aware of. Thanks to the Magnuson–Moss Warranty Act, it cannot void the whole car warranty. It can void coverage related to the work you did (cloud services, telematics, etc.) but unrelated failures like engine problems must still be covered. 拆除 DCM 和 GPS 可能会使部分保修失效，请务必注意。根据《马格努森-莫斯保修法案》（Magnuson–Moss Warranty Act），这不会导致整车保修失效。它只会使与你所做改动相关的功能（如云服务、远程信息处理等）失去保修，但发动机故障等不相关的问题仍必须在保修范围内。

So thankfully everything in the car remains 100% functional except the cloud-based services mentioned above, which I didn’t want anyway. There is also one critical caveat about Bluetooth: 值得庆幸的是，除了上述我本来就不想要的云服务外，车内一切功能依然 100% 正常。此外，关于蓝牙还有一个关键注意事项：

No more Bluetooth

禁用蓝牙

Important: Even after the modem is removed, if you connect your phone to the car via Bluetooth then the car will use your phone as an internet connection and send all the same telemetry data back to Toyota. However, if you use a wired USB connection then it does not do that (see the discussion here and elsewhere), so I exclusively use CarPlay via USB. I wish I had a way to completely disable the car’s Bluetooth functionality, but it’s deeply integrated into the head unit. 重要提示：即使拆除了调制解调器，如果你通过蓝牙将手机连接到汽车，汽车仍会利用你的手机作为互联网连接，并将所有遥测数据发送回丰田。然而，如果你使用有线 USB 连接，它就不会这样做（参见此处及其他地方的讨论），所以我只通过 USB 使用 CarPlay。我希望能彻底禁用汽车的蓝牙功能，但它与主机系统集成得太深了。

If you need USB cables for CarPlay I like these USB-A to Lightning and USB-A to USB-C cables from Anker. Or, if you prefer the convenience of Bluetooth, you can use a Bluetooth -> wired USB adapter like this one. The adapter receives Bluetooth from your phone and presents itself to the car as a USB device, so the car treats it like a wired connection and won’t tether through your phone. 如果你需要用于 CarPlay 的 USB 线，我推荐 Anker 的这些 USB-A 转 Lightning 和 USB-A 转 USB-C 线缆。或者，如果你更喜欢蓝牙的便利性，可以使用像这样的“蓝牙转有线 USB”适配器。该适配器接收来自手机的蓝牙信号，并以 USB 设备的形式呈现给汽车，因此汽车会将其视为有线连接，而不会通过你的手机进行网络共享。

Now, onto the necessary tools and parts: 现在，进入所需的工具和零件部分：

Tools/parts needed

所需工具/零件

For this project you’ll need: 对于这个项目，你需要：

A trim removal kit (I used this one) 一套内饰拆卸工具（我用了这一套）
A ratchet, extension, 10mm socket, and 8mm socket 棘轮扳手、延长杆、10mm 套筒和 8mm 套筒
I’ve been extremely happy with this set. However if you’re not planning on doing more handyperson type work then just borrow these 4 parts from a neighbor instead of spending the money on a whole set. 我对这套工具非常满意。但如果你不打算进行更多手工维修工作，建议直接向邻居借这 4 件工具，不必花钱买整套。
(Optional) A precision flathead screwdriver (like this one). This can help with disconnecting wire plugs. （可选）精密平口螺丝刀（像这种）。这有助于断开线束插头。