More than 200 cars stolen using pirated software

More than 200 cars stolen using pirated software

Two men accused of using pirated computer software to steal more than 100 vehicles may have exploited an electronic vulnerability to advance auto theft into high-tech crime. They are currently in jail in Houston.

Michael Arce, 24, and Jesse Zelaya, 22, focused on new Jeep and Dodge vehicles, which attract big money on the black market in Mexico. The men allegedly used a laptop computer to reprogram the targeted vehicles’ electronic security so their own key worked.

The stolen vehicles had a common software that’s used by auto technicians and dealers, Houston police officer Jim Woods says.

“As you get more and more computers installed in vehicles — if somebody has that knowledge and that ability, they can turn around and figure out a way to manipulate the system,” he says.

Fiat Chrysler, which makes Jeeps and Dodges, and police are investigating how the thieves got access to a computerised database of codes used by dealers, locksmiths and independent auto repair shops to replace lost key fobs, says Berj Alexanian, a spokesman at the company’s US headquarters in Auburn Hills, Michigan.

He says the code database is national and includes vehicles in areas outside of Houston, although he wasn’t aware of similar thefts elsewhere. “We’re looking at every and all solutions to make sure our customers can safely and without thinking park their vehicles,” he says.

With more automotive tasks becoming computerised and more cars being linked to the internet, such thefts are likely to increase across the globe, says Yoni Heilbronn, a computer security expert.

The auto industry has worked hard in the past year to develop protections, but hackers with multiple motivations will always be looking for ways to get in, says Heilbronn, vice president of marketing for Argus Cyber Security, an Israeli company that works with automakers.

While increased computerisation brings safety benefits, Heilbronn foresees more thefts, malicious software being installed that shuts down cars until a ransom is paid, and even attacks that disable many cars at a time. The industry, he said, has to install multiple layers of defence.

Automakers have been working together to develop best practices and to share information on cybersecurity threats. Companies, including Fiat Chrysler, have their own hacking teams and have offered bounties to outside hackers if they find vulnerabilities.

The Houston investigation began in late May with the theft of a Jeep Wrangler. Leads in that case had been exhausted when investigators received information from federal Homeland Security and Immigration and Customs Enforcement officers about vehicles being stolen using a laptop. Arce and Zelaya then were identified as suspects.

The two men, who each have criminal records, were arrested last weekend driving a stolen Jeep Grand Cherokee after police had been concentrating on an area of Houston that had been hit previously by auto thieves. They also recovered electronic devices, keys and other tools believed to be used in the thefts, along with drugs, firearms and body armour.

In the Jeep Wrangler case caught on a surveillance video, the suspect got under the hood, cut wires to the horn to disable an alarm and then got inside the SUV. Once inside, he used the database and the vehicle identification number to programme a new key fob for the Jeep.

« | »

Let us know what you think

Loading Facebook Comments ...

Road Tests

Silver Sponsors

Car and SUV Team

Richard-Edwards-2016Richard Edwards

Managing editor

linkedinphotoDarren Cottingham

Motoring writer

robertbarry-headRobert Barry

Chief reporter

Ian-Ferguson-6Ian Ferguson

Advertising Consultant

debDeborah Baxter

Operations Manager

RSS Latest News from Autotalk

RSS Latest News from Dieseltalk

Read previous post:
Community driver programme reaches milestone

The Community Driver Mentor Programme (CDMP) assisted 500 young people successfully sit their restricted driver licence test yesterday in line...

Close