Fiat Chrysler Cracks Down on Data Violators After Ram/Jeep Theft Ring Bust
A Houston-area vehicle-theft ring that used laptops to enter, then steal, over 100 Jeep and Ram vehicles exposed a serious internal security breach at Fiat Chrysler Automobiles.
Now that two arrests have been made in the case, FCA is talking tough and threatening criminal proceedings against anyone who provides outsiders with key vehicle data, Automotive News reports.
Earlier this year, Houston police noticed a trend in vehicle thefts. Certain Ram and Jeep models disappeared from driveways and garages more than any other model, and a private security camera eventually captured one thief using a laptop to enter a Jeep Wrangler, disable its security system, then drive off.
Suspicion fell on hackers, but FCA’s security head told us last month that the thefts aren’t the result of a purpose-built gadget or device.
“Not just anyone can do that — you need to have access to our systems in order to get the information necessary from each vehicle to marry a key fob,” Titus Melnyk, FCA’s senior manager of security architecture, told TTAC, adding that the thefts were the result of someone “abusing their privileges.”
On Thursday, the automaker updated the terms of use for its internal DealerCONNECT software. FCA now threatens “civil and criminal proceedings” against those who provide outsiders with “key codes, radio codes and other anti-theft or security measures.”
Houston police say the thieves used a laptop, OBD-II plug and software to make off with the vehicles, most of which had crossed the Mexican border by the time their owners noticed them missing.
A FCA spokesperson told the Houston Chronicle that thieves entered the vehicle identification number of a target vehicle into a FCA database to access the code for that vehicle’s key fob. After programming the vehicle’s security system to accept a generic key fob, the Jeep or Ram was theirs for the taking.
The vehicle-theft ring is still active in the Houston area, according to police, and more arrests are likely. Neither the police nor FCA have stated exactly how thieves accessed the automaker’s VIN database.
[Image: Fiat Chrysler Automobiles]
More by Steph Willems
Comments
Join the conversation
This highlights a problem in security systems in general. For automobiles, where the owner may indeed need access to a car (lost keys etc) some kind of a back door is necessary. And as demonstrates here the back door ultimately is a fatal weakness. But the losses were individual vehicles Yet this is what some in government are trying to push on data encryption. The FBI feels they are entitled to read any communication on demand, but creating a universal back door like that WILL (not 'probably' but definitely) be leaked. Then everyone's communication becomes exposed to hackers, thieves, hostile governments (which could include the US).
excuse me but this issue can be solved by putting a portion of a 3x5 card over the vin. correct? low tech solution to a high tech problem.