As a software developer, my first thought was why doesn't the security ECU send error frames when someone else is using its own address? Then I saw the teardown of the hacking device and it makes sense. They didn't just use a microcontroller and a transceiver. They used a modified transeiver that applies a short-circuit to the CAN bus to force send a 1 when the security ECU wants to send a 0, and the engine ECU will accept the packet because it was built assuming a malicious device would just send bad data, not bad data + a short-circuit. This is hardware hack just as much as a software hack.

Just down the road from me, a neighbor had hints that someone was checking out his almost brand new Lexus. So, on a warm summer Saturday night, he was ready. He put two of his 'babies' in the back seat under a big blanket. The thieves broke the lock on the small driveway gate in and were just about to pull out of the driveway, when Rottweiler #1 and Doberman #1 decided to get up from the back seat floor and kiss the guys ear. At that the chase was on. As well, Rottweiler #2 and Doberman #2 joined in the fun. The thieves were caught and spent quite awhile in hospital healing from their wounds. From there they have a meeting with some nice police men who want to have a little chit chat with them and a judge who also wants to have a wee little talk with them. Now, I heard via the grapevine that the baddies tried to sue the owner of the Lexus but was laughed out of court. I gotta get me some cute little doggies.

First thing you can do is modding. First take apart the front and reinforce it and bolt it back on from the inside so it can no longer be popped off without the hood open. Second, buy a extension for both headlights and reroute the wire through the engine bay inside a metal pipe. Third, install extremely loud collision alarms around the headlights and front panels. Forth, use a cloud based cam system with interior hidden camera with sound. Install hidden GPS trackers. You can even create a CANBUS killswitch

My Mercedes needs open heart surgery to get to the wiring hardness on the headlights.

My car was stolen in 5 minutes using this hack. They even cut off my steering wheel lock

It seems the ghost immobiliser 2.0 is really the overall best solution, in conjunction with a good old mechanical lock of some type. OBD port blockers are basically useless now if they can access the car from the headlights. Apparently ghost is immune to this, they'll get inside the car but won't be able to start it.

The CAN bus took the place of what the ignition switch used to do? All of electronics run through the ignition switch in most vehicles.

Saw a lot of Lexus’ being stolen like this, I really wonder why police don’t bait and arrest the buyers/dealers of stolen cars who create a market for stolen vehicles.

Best way to stop the thieves? good old fashioned cut out switch, probably the best and cheapest security gadget you can have.

I wish they would steal my beat up 2012 Corolla LE with 183k miles on it. Give me a reason to upgrade my car, but the darn car is so durable it won’t die SO I KEEP ON DRIVING IT

The name can bust is crazy lol whoever agreed to make all cars have this feature knew eventually thieves will learn about it

Avoid buying the top five most stolen makes in USA/Canada: Acura/Honda, Lexus/Toyota, Jeep/Dodge, Land Rover and Ford. Next, use a steering wheel club lock. And if you can, stick to older vehicles with physical, metal ignition keys - you can still get nice VWs, Nissan, Subarus, GM and others from 2018 or so thus equipped. This will decrease the odds of your car being stolen. Bonus points if you drive a manual transmission. For example, no one in Africa wants your 2017 Mitsubishi Outlander with 2wd and manual shift.

Why would the automakers rush to patch it? More incentive to buy another vehicle if it gets stolen. Just get good insurance. I wish there's a new car with removable steering wheel that just plugs in and out easily.

Install a battery or fuel pump cut out switch or do both.

This car theif would not breath again if I saw him

Candy's Dandy but Liquor's Quicker...

Just how are you to access the headlight wiring? it's deep inside the vehicle, more likely they will clone your key then drive it to a secure shop where they can access and reprogram the Can-Bus for export to Africa.

Get yourself an IGLA or Starline i96 immobilser, It blocks Can Bus Injection and Relay attacks. It uses factory buttons as a pincode. Only the owner knows the pincode.

How do car owners get information on updates to prevent this from happening

Would an install of the Ghost II Immobilizer stop this type of auto theft.

So what's the point? You don't advise how to prevent this.

Lol, my 30 yr old vehicle has headlights that have no connection to the ECU... good luck getting my vehicle this way. It's still a super easy vehicle to steal though. If you can turn the starter switch, it will start, simple as that... so the brute screwdriver trick works on my vehicle so... my truck may get the last laugh on this specific vulnerability... but that's a small consolation in comparison to having been laughed at for years by cars that have long surpassed my vehicle's level of security so... uh, yeah. Don't take my cocky laughter as anything other than me still being way less secure than you probably are, but still enjoying a small sliver of a silver lining in my storm cloud...

Turn off your key FOBs. Use a steering wheel lock/club. Nothing's foolproof but if your car looks like it's going to be too much trouble for a thief, he'll move on to the next one.

Yeap they just got my new Camaro SS the other night

Not in mine. My ignition is disable by this tech. So FU to the thieves.

So we got Toyota’s BAF headlights vs say Audi’s headlights, Audi headlights would have far more communication with the CAN due to their complexity… but we don’t see any “headlight break’n’enters” with Audi as we do Toyota?! Considering Audi are “the global” choice for thieves, why isn’t this approach being used?!… could it be that Toyota have just left a gaping hole in their vehicle security, just like Hyundai/Kia, Jeep and BMW???

You would think The FBI would have fun watching hackers and snatching them up. Why don't they mention it?

If the battery is NOT CONNECTED will the thief's tool work?

Just get in the habit of pulling a few key fuses on your car like the fuel pump for example, without that the car wont even run for you..

Pin to drive and no normal can bus Tesla.

More calculated by the min I swear! I hate thieves go get a fucking job! If you’re able to do all this with technology imagine wat u can do in the working world with it?

Stock with 2010 and under model any brand gas car ....there a way even thieves can get in car ....but only the owner know how to make car drive long distance

Autotrader using scare tactics so folks will buy used cars instead of new cars. LOL. It is easier to "break in" to the passenger compartment than getting to the headlight wiring harness.

@ashleybrown889