Houston Jeep and Ram Thieves Aren't Hackers: FCA
Jeep and Ram vehicles are being snatched out of driveways in Houston, but the thieves aren’t hacking their way to a free ride, according to the automaker’s U.S. head of security architecture.
A rash of thefts over the past few months in the Houston area had owners of Jeep and Ram vehicles scratching their heads until a garage surveillance video posted by police showed two men making off with a Wrangler. One of the men appears to use a laptop to start up the vehicle, raising fears that tech-minded thieves have developed a program to override security features and commandeer certain vehicles.
Fiat Chrysler Automobiles is working with the Houston Police Department on the case, but claims the video is misleading.
“We don’t see anything that would be a security hack — there’s no new software or new tool used in any of these thefts,” Titus Melnyk, FCA’s senior manager of security architecture, told TTAC.
Opening the hood of a vehicle with tie-down latches and disabling a horn to prevent an audible alarm is a easy job for a thief, he said, and there are many ways of unlocking a vehicle. Once FCA staff watched the video, it became reasonably clear how the thief was able to drive off.
“Once they’re inside, they’re connecting a laptop which is running the software necessary to marry or join a key fob to the vehicle,” said Melnyk. “Not just anyone can do that — you need to have access to our systems in order to get the information necessary from each vehicle to marry a key fob. We’re working with law enforcement about how these thieves are getting their hands on those. This isn’t just a problem for us, it’s an auto industry issue. Dealers and locksmiths now, they’re all authorized to get this information. Based on what we’re seeing, it appears that they’re getting those PINs or vehicle-specific information for the vehicles they’re stealing in order to do this theft.”
For Melnyk and his team, the thefts aren’t due to a flaw in FCA hardware, but by “people abusing their privileges.” For the sake of the investigation, he couldn’t comment further on how the thieves gained access to the dealer information, but he stressed the vehicle’s systems are working as intended.
“When people see a laptop, I think they’re assuming something new is going on.”
FCA has reason to be sensitive to claims of its vehicles being hackable. Last year, it recalled 1.4 million vehicles over hacking concerns after it was demonstrated that the key driving functions of a Jeep Grand Cherokee test vehicle could be commandeered remotely. In that test, hackers exploited a weakness in the vehicle’s Uconnect infotainment software to gain access to more important functions.
FCA installed a software patch to prevent any remote tampering.
[Image: FCA US]
More by Steph Willems
Comments
Join the conversation
"These aren't hackers. They're just stealing information via computer, then using the computer to steal the car. That's not hacking." Errrrr.
Our two older BMWs (1996 and 2003) have keys with chips in them that are exclusively paired to the ECU. With each new car the owner received 4 keys: 2 normal, 1 valet and one emergency (all plastic) key. Each car has a 10 key lifetime allocation, counting the originals. Replacements are available through your BMW dealer, but have to be ordered in from the BMW mothership, and ID checks and proof of ownership are required. Other than the original 10 key allocation no new keys can be made to work with the ECU. A fairly secure system, although if your 10 keys are all gone you'll be in a world of hurt.