Hackers Used Fiat Chrysler's Dealership Software To Steal Over 100 Cars: Report

Photo: David Zalubowski/AP

A few weeks ago, I wrote a story about two men who had been caught hacking into and stealing Jeeps and Rams. Now Fiat Chrysler has updated its terms of use on DealerCONNECT and told the Houston Chronicle exactly how the thieves used the dealer software to steal cars.

When writing the original story on the hackers, I wasn’t sure how they were actually using their laptops to break into the cars’ ignitions and drive them away. Many of our readers, though, had it all figured out immediately.

Advertisement

And their suspicions were confirmed via a statement from an FCA spokesperson to the Houston Chronicle. That statement includes a description to the Texas newspaper of how the thefts were orchestrated using Chrysler’s internal dealer software, DealerCONNECT:

...the thief broke into the vehicle and used a laptop to enter its VIN number in order to access the Chrysler database. Dealerships, repair facilities and locksmiths are usually the only ones allowed access to the database, which provides the code for key fob access. Once the thief enters the VIN number, he can re-program the car’s computer so it will accept a generic key fob. The car will then start, and the thief is able to drive off.

Though not officially a response to the thefts, Automotive News points at that Fiat Chrysler has updated its Terms Of Use agreement for DealerCONNECT, a web-based portal that dealers use for vehicle service information.

Photo: Jeep
Advertisement

The new agreement tells dealerships that sharing “key codes, radio codes and other anti-theft or security measures” could have severe ramifications. It reads:

The Company may terminate access privileges, take disciplinary action up to and including discharge, and institute civil or criminal proceedings for violations of the Company’s policies, process guidelines or behavior guidance.

Advertisement

Automotive News writes that the Houston Police Department thinks the two men they caught were part of a ring of car thieves targeting Jeep Wranglers, Grand Cherokees and Rams pickups. The Houston PD also postulates that the ring has stolen over 100 cars, with intentions to “[transport] them across the U.S.-Mexico border, usually in the overnight hours before vehicle owners were aware they had been stolen.”

So, while initially, these thefts appeared to be sophisticated “hacks” using laptops and brilliant software nerds, based on Fiat Chrysler’s statement to the Houston Chronicle on how these guys just used dealership “re-keying” software, this all seems to be rather straightforward.

Advertisement

Still, it’s a reminder that dealerships have a lot of power and information that, if in the wrong hands, could send your car to a back alley in Tijuana.

Share This Story

About the author

David Tracy

Writer, Jalopnik. 1979 Jeep Cherokee Golden Eagle, 1985 Jeep J10, 1948 Willys CJ-2A, 1995 Jeep Cherokee, 1992 Jeep Cherokee auto, 1991 Jeep Cherokee 5spd, 1976 Jeep DJ-5D, totaled 2003 Kia Rio