Thieves can use laptop computers to hack into vehicles' electronic ignition systems

2016 Jeep Grand Cherokee / Car Thieves Turn to Hacking as More Cars Rely on Software
Image: Jeep
July 07, 2016
Updated: August 08, 2016

Hackers are at it again—but this time they may be stealing consumers' cars instead of their data.

A number of incidents over the past year have cast doubt on the advisability of integrating computer software into vehicles due to security problems. Last July, owners of select Fiat Chrysler models were notified that hackers were able to gain access to several systems in their vehicles, including the radio, the brakes, and even the engine, due to a loophole in the vehicles' software. Shortly after this incident, security holes in the software installed in certain Tesla vehicles were discovered that allowed hackers to connect a laptop to the vehicle's computer, start it up, drive it, plant a Trojan virus in it, and then turn off the engine remotely.

The National Highway Traffic Safety Administration (NHTSA) eventually determined that 2.8 million vehicles were vulnerable to security breaches. To correct the problem, Tesla remotely issued a software update to each vehicle affected, but owners of Fiat Chrysler vehicles had to either bring their vehicles to a dealership or use a USB drive to update their software.

Now it appears that Fiat Chrysler vehicles may still be at risk. The Wall Street Journal (WSJ) reports five recent incidents in Houston in which thieves appear to have stolen Jeeps by using a laptop to hack into the vehicles' software. One such incident was even caught on video by the owner's home security camera.

"If you are going to hot-wire a car, you don't bring along a laptop," Senior Officer James Woods of the Houston Police Department's auto antitheft unit told WSJ regarding the incident. "We don't know what he is exactly doing with the laptop, but my guess is he is tapping into the car's computer and marrying it with a key he may already have with him so he can start the car."

Titus Melnyk, Fiat Chrysler's senior manager of security architecture for North America, theorized that someone who had access to a dealer's website might have sold vehicle information to a thief, who could then enter in the vehicle identification number (VIN) on the site and retrieve a code. That code could then be entered into the vehicle's computer to make it accept the thief's key fob.

Although several private companies are working on solutions to the vehicular cyber-protection issue, officials still have no leads on the Houston auto thieves, even with the video recording of one of the thefts.

"We still haven't received any tips," said Officer Woods.

Although consumers may think this is a new development in the history of auto theft, The International Business Times reports that in reality "owners of cars with keyless entry systems all over the world have already been reporting such incidents to the authorities for years, and yet the same car fob systems are still being used by car manufacturers."

The incidents occurred at a particularly difficult time for Fiat Chrysler. The company issued a recall in April of this year for about 810,000 vehicles due to a transmission problem that could lead drivers to believe their vehicle was parked when it actually was not. Less than two months later, Star Trek actor Anton Yelchin was killed when his Jeep Grand Cherokee, which had been included in the recall, rolled down his driveway and crushed him against a mailbox, bringing the issue to the attention of the public.

Update: The Washington Times reports that police in Houston have arrested two men in connection with using software to steal more than 100 vehicles, which may have ended up in Mexico.