The Unexpected Way Thieves Are Using The Headlights To Get Inside Your Car

Tabor enlisted the help of another cybersecurity expert, Dr. Ken Tindell, and the two scoured the dark web and purchased an emergency start device for locksmiths for Toyota and Lexus vehicles for €5,000 ($5,419).

In a post on his Github blog, Tindell explained how the exploit works. “The thieves can use their CAN Injector device to send a fake CAN message [to] the door ECU that in essence says ‘Key is valid, unlock the doors.’ So they don’t even need to damage the car to break into it: they can simply open the door, get in, and drive the car away – all without needing the key.”

He further explained that Toyota could block the exploit with a software fix, but thieves could find a way around the fix, leading to a circular cat-and-mouse game between thieves and automakers. 

Kelley Blue Book advises car owners to rely on old-school anti-theft techniques to safeguard their vehicles. “Park it indoors or in a well-lighted area with regular foot traffic. Move it regularly, and notify local police if you find any trim pieces missing or dislodged.”