Cyber Knowledge Can Get You Brand New SUV, for Free

This post is also available in: עברית (Hebrew)

Two men jailed in Houston and accused of using pirated computer software to steal more than 100 vehicles may have exploited an electronic vulnerability to advance auto theft into high-tech crime.

The men focused on new Jeep and Dodge vehicles, which attract big money on the black market in Mexico, authorities said. They allegedly used a laptop computer to reprogram the targeted vehicles’ electronic security so their own key worked.

The Houston investigation began in late May with the theft of a Jeep Wrangler near downtown. Leads in that case had been exhausted when investigators received information from federal Homeland Security and Immigration and Customs Enforcement officers about vehicles being stolen using a laptop. The two then were identified as suspects.

The stolen vehicles had a common software that’s used by auto technicians and dealers, Houston police officer Jim Woods said on the matter:” As you get more and more computers installed in vehicles — if somebody has that knowledge and that ability, they can turn around and figure out a way to manipulate the system,”

Fiat Chrysler, which makes Jeeps and Dodges, and police are investigating how the thieves got access to a computerized database of codes used by dealers, locksmiths and independent auto repair shops to replace lost key fobs, said Berj Alexanian, a spokesman at the company.

Popularmechanics.com quoted Yoni Heilbronn, vice president of marketing for Argus Cyber Security, an Israeli company that works with automakers. He said that with more automotive tasks becoming computerized and more cars being linked to the internet, such thefts are likely to increase across the globe.

While increased computerization brings safety benefits, Heilbronn foresees more thefts, malicious software being installed that shuts down cars until a ransom is paid, and even attacks that disable many cars at a time. The industry, he said, has to install multiple layers of defense.

Automakers have been working together to develop best practices and to share information on cybersecurity threats. Companies, including Fiat Chrysler, have their own hacking teams and have offered bounties to outside hackers if they find vulnerabilities.