Car2Go Thieves Test Car-sharing Vulnerabilities

Matt Posky
by Matt Posky
car2go thieves test car sharing vulnerabilities

After suspending manual background checks to encourage fresh users in April, Daimler subsidiary Car2Go found itself with a problem in Chicago — its new customers were stealing cars by the gross.

On the April 15th, the ride-sharing service notice an uptick in usage that was well above the norm. However, as the day progressed, the company found that a lot of its higher-end vehicles weren’t coming back. Instead, they were convening on Chicago’s West Side. Two days later, the Chicago Police Department announced that it had been notified by Car2Go that some of the company’s vehicles may have been rented by deceptive or fraudulent means and was officially on the prowl for justice.

Since the company keeps digital tabs on rental vehicles at its offices using GPS, the thefts were doomed from the start. Rather than immediately chop the cars up, much of the criminal element seemed content to just have a newish Mercedes-Benz CLA or GLA (nobody wanted the Smarts) for personal use. Despite a handful of the rentals having been stripped of their doors, or worse, the majority of the stolen rides were reportedly found intact. Several of the suspects even posted videos of themselves online, bragging about “their” new Mercedes whist joyriding.

About 75 cars we stolen in total, some of which were already being rented out to the thieves’ neighbors. Police reported they had charged 21 individuals a couple days after the heist. Apparently, the suspects’ collective defense was that the cars actually belong to them… you can guess how well that worked.

“This was a unicorn incident for us as a company,” Car2Go spokeswoman Kendall Kelton told Bloomberg on Thursday. “We’ve never seen this type of fraudulent activity and this scale ever, ever.”

While the technological might of giant corporations (and satellites) ultimately made the thefts a failure, it does raise a lot of questions about connected fleet vehicles and cyber security. Car2Go said that roughly 20 people set up a glut of fake accounts in Chicago on April 13th utilizing stolen or bunk credit card information. From there, all the thieves had to do was book a car and drive it away.

Despite being larger and slightly more organized, these types of thefts are on the rise. Electric scooter firms have struggled endlessly with thefts and the situation has spilled over into short-term car rental services. Car2Go ended up reverted back to conducting manual checks on new customers and it’s easy to see why.

From Bloomberg:

When Enterprise Holdings Inc. stopped operating its car-sharing service in Chicago in 2017, it also cited high rates of fraud and vandalism. When ReachNow introduced its service in Brooklyn, N.Y., in 2016, so many vehicles began disappearing that it was difficult for paying members to find any. The company, which had used an automated approval process, suspended its service and switched to manually reviewing new applications, according to a former employee who asked not to be identified disclosing private operational decisions. ReachNow resumed service but stopped operating in Brooklyn permanently in 2018, a decision resulting in part from continued fraud.

For Car2Go, it hasn’t been unusual for customers to create legitimate accounts, check out high-end vehicles, then lease them to nonmembers for short periods at inflated prices, according to someone familiar with its fraud problems who wasn’t authorized to discuss them. This practice, a violation of Car2Go’s rules, has been an issue in Chicago since the company started operating there, the person says. In several cases, hackers with lists of email addresses and passwords have written scripts to locate car-sharing accounts using those credentials. Once they find the accounts, they sign out cars and disable their GPS trackers, causing them effectively to disappear.

[Images: Daimler]

Join the conversation
4 of 17 comments
  • Im stunned nobody spent 1000$ on a old cargo container and just started parking cars in them to block the gps, then disable the gps on their own time. Some of the rentals were fake ID's .. this could have been way worse.

    • See 1 previous
    • Gtem Gtem on Jul 15, 2019

      @WallMeerkat Load shipping container onto waiting truck, gone!

  • Maisey Maisey on Jul 13, 2019

    It surprises me how quickly a myth can be accepted by unthinking writers. Car2go is not part of the ‘sharing economy’ and is only one of many companies that have successfully implemented misleading marketing campaigns to position themselves as social and environmentally responsible organizations. Car2go is a car rental company owned by Daimler who manufacture both Mercedes and Smart cars. The rental model involves street parking and per minute billing which is 10x higher than traditional car rental companies.

  • Chuck Norton For those worried about a complex power train-What vehicle doesn't have one? I drive a twin turbo F-150 (3.5) Talk about complexity.. It seems reliability based on the number of F-150s sold is a non-issue. As with many other makes/models. I mean how many operations are handle by micro today's vehicles?
  • Ravenuer The Long Island Expressway.
  • Kwik_Shift A nice stretch of fairly remote road that would be great for test driving a car's potential, rally style, is Flinton Road off of Highway 41 in Ontario. Twists/turns/dips/rises. Just hope a deer doesn't jump out at you. Also Highway 60 through Algonquin Provincial Park in Ontario. Great scenery with lots of hills.
  • Saeed Hello, I need a series of other accessories from Lincoln. Do you have front window, front and rear lights, etc. from the 1972 and 1976 models
  • Probert Wow - so many digital renders - Ford, Stellantis. - whose next!!! They're really bringing it on....