Kiwi hacker Lachlan Temple has found holes in a popular cheap car tracking and immobilisation gadget that can allow remote attackers to locate, eavesdrop, and in some cases cut the fuel intake to hundreds of thousands of vehicles, some while in motion.

the flaws allow attackers who log into any account — including a universal demonstration account – to log into any of the 360,000 units ThinkRace claims it sold without need of a password.

Source: Hundreds of thousands of engine immobilisers hackable over the net

Basically he increments the cookie.