Texas Cops Blame Hackers for Jeep Thefts

Mobile cybersecurity risks continue to mount.

by on Jul.08, 2016

In an image caught by a security camera, a thief looks around before entering a Jeep Wrangler.

The thief spends a moment, nervously looking around before entering the Jeep Wrangler parked in the owner’s Houston, Texas driveway. Once behind the wheel, he opens a laptop computer and spends a couple minutes tapping on the keyboard. Suddenly, the engine starts up, he shifts into gear and drives off.

That event, caught on video by a home security system, was one of several vehicle thefts reported recently that suggest a potential change in the way car thieves are doing their work, hacking into vehicles’ computer control systems, rather than hotwiring the cars.

The Last Word!

“We think it is becoming the new way of stealing cars,” said Roger Morris, a vice president at the National Insurance Crime Bureau, told the Wall Street Journal. “The public, law enforcement and the manufacturers need to be aware.”

Hacking, on a broader scale, has become an issue of serious concern among auto industry insiders and regulators alike, National Highway Traffic Safety Administration chief Mark Rosekind telling automakers earlier this year that it should become one of their highest priorities.

(Hacked Mitsubishi spotlights cybersecurity concerns. Click Here for the story.)

That point was underscored last month when British tech firm Pen Test Partners was able to use a built-in diagnostics port to gain access to the computer control system on a plug-in hybrid version of the Japanese SUV. A year earlier, another security firm showed it possible to hack into a Jeep, demonstrating the risk by remotely driving the vehicle into a ditch. That forced Fiat Chrysler Automobiles to order a recall of 1.4 million vehicles to patch a software vulnerability in its vehicles.

The thief uses a laptop computer, possibly to pair his own key to the Jeep.

BMW and subsidiaries Mini and Rolls-Royce also have been forced to recall vehicles due to a potential hacker vulnerability. And Nissan shut down a smartphone app for its Leaf electric vehicle because of its own potential risks.

The fear is that hackers could might try taking control of, or shutting down, a vehicle while driving. But that’s just one concern, according to Roger Ordman, a marketing manager with Harman International, the multinational electronics firm that recently acquired TowerSec, an Israeli firm considered a leader in vehicle electronic security.

“A hacker might not be about crashing your car into a wall but wanting to know where you are and accessing personal information,” Ordman told TheDetroitBureau.com. Add stealing cars to that list.

Today’s vehicles typically contain more electronics than the typical home or office and plenty of ways to access them. Much of the focus has been on the security gaps that could be opening up through wireless communications systems — anything from the 4G LTE hotspots many automakers are adding to the remote tire pressure monitoring systems now required by law.

In the case of the Houston theft and several others in the city, another possible vulnerability could be the OBD II onboard vehicle monitoring interface.

“We don’t know what he is exactly doing with the laptop,” Houston Officer James Woods, who has spent 23 years in the Houston Police Department’s auto antitheft unit, told the Journal. “but my guess is he is tapping into the car’s computer and marrying it with a key he may already have with him so he can start the car.”

(After a decade of decline, highway deaths rising sharply again. Click Here for more.)

A Fiat Chrysler official confirmed concerns that the thieves may have gotten hold of a system used by dealers to pair the vehicles with a new key, one they already had in hand. That could be as simple as access to a dealer website where knowing a vehicle’s VIN, or unique identification number, can provide the necessary codes to marry car and key.

An industry summit is expected to address the broader issue of mobile cybersecurity later this month, attendees ranging from General Motors CEO Mary Barra to U.S. Transportation Secretary Anthony Foxx.

While hacking will be a central issue, the reports from Houston and other parts of the country could make the threat of high-tech theft one of the gathering’s hot topics of conversation.

(Despite holiday driving record, gas prices are dropping. Click Here for the latest.)

Tags: , , , , , , , , , , ,

One Response to “Texas Cops Blame Hackers for Jeep Thefts”

  1. Dan K says:

    Seems like the perp should not be too hard to find. You have his picture, and by looking in the dealer website database, you can see what user account tapped into the system and searched on the VIN # of that vehicle, and the VIN in known by the vehicle owner. Then, if he remapped the vehicle to a key he had in his possession, where did that key come from? Someone who could have 1) got a login to the dealer website, 2) gotten access to an unmapped key, and 3) looks exactly like that guy in the picture should make for a fairly small population.

    And, I’d say that guy looks more like a car salesman than a car thief. It was the perfect crime except for the home video security system. Always check for cameras first, ding dong. Or at least where a hat and nylon stocking. I’m sure the boys in state prison will love him.