Toyotas can be stolen by getting access to CAN bus through the headlight
asahi.com
There are stories popping up in the UK, US and Canada recently about this vulnerability.
From a comment in the reddit thread below:
"Thieves are gaining access to the left headlight computer sub-assembly by peeling back the plastic splash guard, where they can stick a couple of pins into the CAN_H and CAN_L wires in the wiring harness plug."
https://www.reddit.com/r/rav4prime/comments/zlddrj/new_theft...
https://www.rav4world.com/threads/can-invader-attack-unstopp...
This may be a dumb question but why specifically does the headlight need to be connected to the CAN bus?
Instead of running high-current switched power to headlights (and have some module doing the switching) you can just run a constant power and a couple network wires everywhere, with the headlight itself doing the switching based on orders from the network.
It's not a bad design per se, the problem isn't that the headlight is on the network or that the network is accessible to the outside - the problem is that in the automotive industry a lot of what happens on that network is "secured" by obscurity and any "security" is more there to keep the legitimate owner/independent repair shop out than actual bad guys, as you can see.
Someone must've reverse-engineered the security by obscurity - my guess is they reversed the factory flashing procedure allowing them unrestricted read/write to the ECUs' ROM where they can either write their own keys' codes or outright patch out the immobilizer check.
I guess it makes sense. It just feels like there should be a separate bus for that rather than dumping it all on the same bus used by the engine controls.
There are multiple buses, and a gateway between them. The separation is more for reliability and/or bandwidth concerns than security, though given the terrible track record of the industry I wouldn't trust a hypothetical "secure gateway" from them either.
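What a gateway that separates buses for security rather than only for reliability or bandwidth would enforce, as an added example that is not part of the thread and not any manufacturer's code: a default-deny allowlist keyed on source bus, destination bus, CAN ID and frame length. The bus names, CAN IDs and message meanings are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed bus names and CAN IDs: illustrative only, not from any real vehicle. */
enum bus { BUS_BODY, BUS_POWERTRAIN };

struct gw_frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };
struct gw_rule  { enum bus from, to; uint32_t id; uint8_t dlc; };

/* Default-deny: only these exact tuples may cross the gateway. */
static const struct gw_rule ALLOW[] = {
    { BUS_POWERTRAIN, BUS_BODY,       0x3B0, 8 }, /* hypothetical: vehicle speed for lamp levelling */
    { BUS_BODY,       BUS_POWERTRAIN, 0x620, 2 }, /* hypothetical: lamp fault status */
};

static unsigned dropped_frames; /* a real gateway would log or alert on these */

/* Returns true if the frame may be forwarded from one bus to the other. */
bool gateway_forward(enum bus from, enum bus to, const struct gw_frame *f)
{
    /* Reject malformed frames before any rule lookup (11-bit IDs, classic CAN). */
    if (f != NULL && f->dlc <= 8 && f->id <= 0x7FF) {
        for (size_t i = 0; i < sizeof ALLOW / sizeof ALLOW[0]; i++) {
            const struct gw_rule *r = &ALLOW[i];
            if (r->from == from && r->to == to &&
                r->id == f->id && r->dlc == f->dlc)
                return true;
        }
    }
    dropped_frames++;
    return false;
}

unsigned gateway_dropped(void) { return dropped_frames; }

int main(void)
{
    struct gw_frame lamp  = { 0x620, 2, { 0x01, 0x00 } };
    struct gw_frame other = { 0x2D1, 8, { 0 } }; /* constructed powertrain-only ID */
    printf("lamp status body->powertrain: %d\n",
           gateway_forward(BUS_BODY, BUS_POWERTRAIN, &lamp));
    printf("powertrain-only ID from body: %d\n",
           gateway_forward(BUS_BODY, BUS_POWERTRAIN, &other));
    printf("dropped: %u\n", gateway_dropped());
    return 0;
}
```

A filter like this only limits which message types a node on the exposed bus can push across; it does not authenticate the sender, so any message that must cross still needs its own integrity check.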