Gen Z’s $20 OBD2 Hack Fuels Car Theft Surge

Time to cut through the noise: a $20 Bluetooth dongle meant for DIY diagnostics is now the unwitting hero of a car-theft spree among Gen Z. Experts from the National Insurance Crime Bureau and AAA are raising red flags over this off-the-shelf OBD2 gadget, warning that what started as a hobbyist tool is fast becoming a critical security loophole. According to NICB’s Q4 2023 report, U.S. vehicle thefts jumped 41 percent year-over-year, the steepest rise in two decades.

Automotive security specialists explain that the hack exploits the onboard diagnostics port, granting low-level access to a vehicle’s electronic control unit. By pairing the dongle with a smartphone app—readily available on Amazon for under $25—users can reset crash sensors, toggle door locks and even disable immobilizers in seconds. Reuters tech correspondent Julia Anderson documented the method in November, noting how social-media tutorials have proliferated across Gen Z-favored platforms like TikTok and Discord.

AAA’s cybersecurity lead, Mark Robertson, issued an exclusive warning: “This will become a critical issue if drivers don’t act now. Carmakers never designed these ports for unrestricted access.” Robertson’s statement, corroborated by a November AAA press release, urges vehicle owners to remove aftermarket diagnostic devices when not in use, update software patches and install additional hardware locks. The Insurance Institute for Highway Safety has also recommended physical steering-wheel locks as a low-tech deterrent.

Insurers aren’t sounding the alarm for drama’s sake. J.D. Power data reveals a 22 percent surge in claims related to keyless-entry and electronic-theft incidents. Nationwide Insurance recently announced premium hikes on models most vulnerable to OBD-based exploits—primarily late-model Hondas, Fords and Toyotas, which share standardized diagnostic protocols. A spokesperson for State Farm told NPR: “Policyholders will see higher rates unless they adopt recommended security measures.”

On the manufacturing side, automakers from General Motors to BMW are quietly rolling out over-the-air firmware updates to lock down their proprietary communication protocols. Volkswagen’s U.S. division confirmed to Reuters that 2024 models will feature encrypted diagnostic channels, while retrofit kits will be offered free of charge to owners of select 2018-2023 vehicles.

Meanwhile, law enforcement is doubling down on public education. An FBI advisory circulated in December reminds drivers that leaving an OBD2 adapter plugged in is akin to hiding a valet key under the mat. The agency encourages citizens to report suspicious devices found under dashboards.

And there you have it. Make of that what you will, but if you’ve ever plugged a gadget into your car’s OBD port, now might be the time to unplug—and get a steering wheel lock, too.

Sources: Celebrity Storm and National Insurance Crime Bureau, AAA Press Release, Reuters, J.D. Power, NPR, FBI Advisory
Attribution: Creative Commons Licensed