Two men have stolen more than 100 vehicles by using a laptop running a common software that’s used by technicians and auto dealers.
The two criminals, Michael Arce, 24, and Jesse Zelaya, were identified and arrested by the police in Houston and were accused of using a pirated software for the car thefts.
The duo allegedly used a software running on the laptop to reprogram the targeted vehicles’ electronic security, in this way they can use they own key to access the vehicle and steal it.
According to the authorities that are investigating the case, the men may have exploited an electronic vulnerability to steal the vehicles.
The two thieves are specialized on new Jeep and Dodge vehicles, both manufactured by Fiat Chrysler, these models are easy to sell on the black market in Mexico.
“As you get more and more computers installed in vehicles — if somebody has that knowledge and that ability, they can turn around and figure out a way to manipulate the system,” said the Houston police officer Jim Woods.
Fiat Chrysler and the authorities are investigating the case, in particular, it is important to understand if the crooks got access to a computerized database of codes used by dealers, and how. Data in the database are used by auto repair shops to replace lost key fobs.
The investigation began in late May after the theft of a Jeep Wrangler in Huston, local police received information from federal Homeland Security and Immigration and Customs Enforcement officers about vehicles being stolen using a pirated software running on a laptop.
The two criminals were arrested in Huston, the police also recovered electronic devices, keys, and other tools believed used in the thefts.
The two men have also been filmed during a theft of a Jeep Wrangler, the surveillance video shows the suspects got under the hood, cut wires of an alarm and then jumped inside the SUV. Once inside, he used the database and the vehicle identification number to program a new key fob for the Jeep.
Once inside the vehicle, the criminals used the laptop running the software that accessed the database of the vehicle identification number to program a new key fob.
The Fiat Chrysler spokesman Berj Alexanian explained that the code database contains information related to vehicles across the country.
“We’re looking at every and all solutions to make sure our customers can safely and without thinking park their vehicles,” Alexanian said.
The massive introduction of technology in modern vehicles is enlarging their surface of attack, for this reason, car hacking is becoming a scaring reality.
The number of possible attacks to modern vehicles is increasing day by day with the continuous study conducted by researchers in the IT industry.
The security of modern vehicles must be completely reviewed trying to assess all the attack scenarios and adopt the necessary countermeasures through the installation of multiple layers of defense.
The major car vendors, including Fiat Chrysler, are seriously investing in cyber security, their vehicles are tested by skilled hackers and some companies have already launched bug bounty programs.
(Security Affairs – Car thefts, Car Hacking)