[Nextgrid]

Instead of running high-current switched power to headlights (and have some module doing the switching) you can just run a constant power and a couple network wires everywhere, with the headlight itself doing the switching based on orders from the network.

It's not a bad design per-se, the problem isn't that the headlight is on the network or that the network is accessible to the outside - the problem is that in the automotive industry a lot of what happens on that network is "secured" by obscurity and any "security" is more there to keep the legitimate owner/independent repair shop out than actual bad guys as you can see.

Someone must've reverse-engineered the security by obscurity - my guess is they reversed the factory flashing procedure allowing them unrestricted read/write to the ECUs' ROM where they can either write their own keys' codes or outright patch out the immobilizer check.

[LinuxBender]

I guess it makes sense. It just feels like there should be a separate bus for that rather than dumping it all on the same bus used by the engine controls.

[Nextgrid]

There are multiple buses, and a gateway between them. The separation is more for reliability and/or bandwidth concerns than security, though given the terrible track record of the industry I wouldn't trust a hypothetical "secure gateway" from them either.