For as long as there have been electronic devices, humans have been trying to find ways to circumvent them for personal gain. A string of automobile thefts today in Chicago saw as many as 100 Car2go Mercedes rideshare cars disappear through a series of fraudulent rentals. Chicago PD released a statement saying that 16 individuals were arrested in connection with the investigation.
Chicago PD clarifies the incident as follows:
“We were alerted by a car rental company that some of their vehicles may have been rented by deceptive or fraudulent means through a mobile app. Due to the information provided by the company, numerous vehicles have been recovered and persons of interest are being questioned. We are working with the company to determine whether there are any other vehicles whose locations cannot be accounted for. At this time, the recoveries appear to be isolated to the West Side. The investigation is ongoing.”
This browser does not support the video element.
While some have reported the fraudulent rentals as “hacking” Car2go communications director Michael Silverman made clear by email that no such hack occurred. “None of our member’s personal or confidential information has been compromised, and no other SHARE NOW North American cities have been affected,” Silverman commented. He continued, “This is an instance of fraud isolated to Chicago, and we are currently working with law enforcement there to neutralize the issue. Out of an abundance of caution and safety for our members we have temporarily paused our Chicago service, and we apologize to our Chicago members for that inconvenience.”
Car2go rentals are kept locked with the keys inside. By using the app on your phone, you can trigger the doors to unlock with a code input at the right moment. Once inside, you simply locate the key and start the car, paying by the minute for use. It’s a pretty simple system, as you can see in the video below. I’ve used similar apps in other cities before.
Car2go operates a fleet of Mercedes-Benz CLA and GLA-class vehicles in Chicago, as well as Smart ForTwo. The incident was allegedly contained to the West side of the city, and seems to have been perpetrated by an organized group of people.
Local investigative reporter Brad Edwards indicates that the stolen cars were used to commit crimes, it would seem he intends that to mean above and beyond grand theft auto and alleged credit card fraud, I suppose.
The Car2go Merecedes were unlocked with the app, then. Some speculate that this was done with stolen credit card data. For their part, Car2go does not seem to indicate that any app vulnerabilities existed, and claim no customers should be worried about their data.
This is an ongoing situation, and we will update as information becomes available. No indication has been made yet as to when the service might be returned to normal operation. Some of the cars are still unaccounted for.