Tuesday, October 28, 2025

Car thieves are targeting Toyotas worldwide by hacking the codes on the ECU, through the lighting wiring harness. (it seems a simple hidden switch that disables the fuel pump is still the best way to keep thieves from stealing your vehicle)

Car thieves are targeting Toyota and Lexus models across Canada, Australia and the UK with a hack that can make these cars’ security systems useless in minutes. They’re using a device called a CAN Invader that can bypass a vehicle’s immobilizer, unlock doors and start the engine.

Modern cars have all their electronics connected via CANbus (Controller Area Network), a communication protocol used to connect to a car’s ECU. CANbus is used to control everything from stereo systems and electronic seats to a car’s lighting.

In Toyota’s case, thieves are gaining access to the CANbus by plugging their hacking device into the headlight wiring, either by simply peeling back fender liners or by drilling holes in them. In some Lexus models, thieves are plugging in via the taillights. In minutes, the thieves use CAN injections, or lines of malicious code, to trick the car’s ECU into thinking a key is present, which unlocks the doors, disables the immobilizer, and finally starts the engine without triggering any alarms.

1 comment:

  1. This doesn't seem like a Toyota oversight, but simply an indicator of which product lines are popular enough to warrant creating the computer code for intrusion and theft. Headlight and taillight wiring doesn't need to be 'hardened' unless the underlying software is vulnerable, and the software is a potential entry point for any brand.