Thieves Steal Toyota RAV4 by Hacking Into Its Headlights

Chris Teague
by Chris Teague

It seems car thieves develop a new and annoying method for making off with people’s vehicles every week. The TikTok-inspired thefts have gotten so bad that some insurance companies won’t touch particular Hyundai and Kia models. We also learned of a new key fob method that could activate keys from inside owners’ homes. Ars Technica recently reported on an even sneakier new hacker-like threat that comes packed into a small Bluetooth speaker.

Following the theft of his Toyota RAV4, a London cybersecurity researcher discovered a frustrating new way for bad actors to steal vehicles. Thieves have improved their criminal methodology with a new CAN injection “hack.” A reporter was able to buy one of the devices needed for the process, which arrived built inside a JBL Bluetooth speaker. 

The CAN-injector, as it’s called, connects through the car’s wiring and sends messages that impersonate the smart key ECU. The Toyota RAV4 used in Ars Technica’s example can be accessed by accessing the headlight connector’s CAN bus, which is located behind the bumper. Thieves can also cut their way in to splice wiring together, but the damage caused during the process diminishes the stolen vehicles’ value.

Using its connection, the device can start and unlock the car. Amazingly, an experienced thief can get under the bumper and into the headlight wiring in under two minutes. Unfortunately, there’s no fix for this problem. The researchers outlining the process said they contacted Toyota with suggestions but haven’t heard back. 

[Image: Toyota]

Become a TTAC insider. Get the latest news, features, TTAC takes, and everything else that gets to the truth about cars first by subscribing to our newsletter.

Chris Teague
Chris Teague

Chris grew up in, under, and around cars, but took the long way around to becoming an automotive writer. After a career in technology consulting and a trip through business school, Chris began writing about the automotive industry as a way to reconnect with his passion and get behind the wheel of a new car every week. He focuses on taking complex industry stories and making them digestible by any reader. Just don’t expect him to stay away from high-mileage Porsches.

More by Chris Teague

Join the conversation
6 of 23 comments
  • Christopher Christopher on Apr 18, 2023

    What is the next step after losing money to Cryptocurrency scammers? I had lost considerable money in a dubious online investment and had given up any hope of recovering it. Recovering my lost money from those scammers was the last thing I could think of because I never believed it could be possible to get back Bitcoin sent to a wallet but I was proved otherwise. I was surfing the internet trying to know how these scammers operate to avoid falling into their trap hopefully when next I want to invest that's when I came across an article review posted by an individual about "How he recovered his lost Bitcoin" with the aid of ( (+351920258835). I read through the post and decided to reach the contact in the article. Lucky me, they came through for me recovering my 11.82 BTC I thought I had lost to those scammers. I highly recommend SPAMMER ROOTKITS for any Ethical hacking expertise.

  • Chloe Chloe on Apr 21, 2023

    My missing assets, totaling roughly $127,050, were recovered and gained back. I never thought I would be able to recover my trading cash, which was lost due to a broker who denied me access to my trading account for more than two weeks. It feels wonderful that I have no trouble recovering my money. If you have money in your account that you would like to remove, your broker manager is requesting you to make extra deposits before you may do so. Please get in contact with the Recovery Nerd Agency if you're unsure how to proceed with it; they can walk you through the steps to recover your lost money within a few working days. Get your sense of fulfillment back by contacting Recovery Nerd. Their personal email address is:

    • ToolGuy ToolGuy on Apr 21, 2023

      Chloe, congratulations on your good fortune! I would really enjoy a pizza right now. Can you buy me a pizza?

  • Crypto Crypto on May 25, 2023


    ASOREHACKCORP is a financial regulator, private investigation and funds recovery body. We specialize in cases as regards ETHICAL HACKING, CRYPTOCURRENCY, FAKE INVESTMENT SCHEMES and RECOVERY SCAM. We are also experts in CREDIT REPAIR, we analyze what’s impacting your score.

    All software tools needed to execute RECOVERIES from start to finish are available in stock.

    Kindly NOTE that the available tools does NOT apply to CREDIT FIX.

    Be ALERT to FALSE reviews and testimonies on the internet, the authors and perpetrators unite to form a syndicate.

    Contact our team as soon as you can via the email address below to book a mail meeting with an ethical hacker.

    Stay Safe out there !

  • Hellen Hellen on Aug 09, 2023

    Hello everyone I want to use this Medium to say big thank you to for they just helped me recover my stolen crypto worth $367,000 through their hacking skills I tried it I was skeptic but it worked and I got my money back, I’m so glad I came across them early because I thought I was never going to have my money back from those fake online investments website .. you can also contact them via

    www .ethicsrefinance .com

    You can also contact them for the service below

    * Recover lost/stolen crypto

    * Western Union/MoneyGram Transfer

    * Bank Transfer

    * PayPal / Skrill Transfer

    * Crypto Mining

    * CashApp Transfer

    * Bitcoin Loans