When writing the original story on the hackers, I wasn’t sure how they were actually using their laptops to break into the cars’ ignitions and drive them away. Many of our readers, though, had it all figured out immediately.
And their suspicions were confirmed via a statement from an FCA spokesperson to the Houston Chronicle. That statement includes a description to the Texas newspaper of how the thefts were orchestrated using Chrysler’s internal dealer software, DealerCONNECT:
...the thief broke into the vehicle and used a laptop to enter its VIN number in order to access the Chrysler database. Dealerships, repair facilities and locksmiths are usually the only ones allowed access to the database, which provides the code for key fob access. Once the thief enters the VIN number, he can re-program the car’s computer so it will accept a generic key fob. The car will then start, and the thief is able to drive off.
The new agreement tells dealerships that sharing “key codes, radio codes and other anti-theft or security measures” could have severe ramifications. It reads:
The Company may terminate access privileges, take disciplinary action up to and including discharge, and institute civil or criminal proceedings for violations of the Company’s policies, process guidelines or behavior guidance.
Automotive News writes that the Houston Police Department thinks the two men they caught were part of a ring of car thieves targeting Jeep Wranglers, Grand Cherokees and Rams pickups. The Houston PD also postulates that the ring has stolen over 100 cars, with intentions to “[transport] them across the U.S.-Mexico border, usually in the overnight hours before vehicle owners were aware they had been stolen.”
So, while initially, these thefts appeared to be sophisticated “hacks” using laptops and brilliant software nerds, based on Fiat Chrysler’s statement to the Houston Chronicle on how these guys just used dealership “re-keying” software, this all seems to be rather straightforward.
Still, it’s a reminder that dealerships have a lot of power and information that, if in the wrong hands, could send your car to a back alley in Tijuana.