Yes that is a popular way as well but in South Florida they are doing it the way you described first. They know this because when they are arresting people they have extra modules and keys that go with them. Infiniti has also said this way would work. I was told it’s under the steering wheel but I don’t think they know exactly where it is just that there using new modules.That method isn't as simple as you describe. There's no control module under the steering column that controls vehicle security. The only control module that stores key fob codes and compares them to received RF fob signals is the BCM that is located in the passenger side wheel well behind the dash side finisher. Accessing the BCM to swap out with another BCM also requires reconfiguration of the new BCM with a CONSULT tool, otherwise the BCM will not function properly. While this procedure is technically possible, the time required to do this would take too long for the comfort of most car thieves.
A lot simpler and faster method being used to spoof PKES (Passive Keyless Entry Systems) these days is the "relay attack" method. Using readily available power amplifiers and circuitry from the internet, criminals can boost the low frequency signal from one of your key fobs while it's in your house and relay it to the BCM. These "black boxes" can have a range of up to 1000 feet. The car thinks the fob is next to the car and allows the car to be unlocked and started in a matter of seconds. Driving out of range of the key fob will not stop the engine but only display a PKES error stating the key fob is out of range.
There is also another method that has been shown to work but is more complex. This requires a laptop and RF transmitter than can bombard the BCM with thousands of authorization codes until the right one is selected and the car is unlocked and able to be started.
These relay attack boxes are becoming more prevalent and certainly puts the Q50 and any other car that uses PKES in danger of burglary or car theft. If this is a concern to you because of your neighborhood and that your car is parked outside of a locked garage, then there is a simple way to thwart these relay attack boxes. Put your key fobs in a Faraday Cage to block the fob's RF signal from being detected.
There are RF shielded security pouches you can put your fob in (eg. FobGuard) that you can buy or you can simply fashion your own Faraday Cage by making a pouch out of aluminum foil and putting your fob inside. This is similar to products that provide protection from people walking by you with black boxes and reading your credit card's chip information while it's in your wallet or purse.