High Tech Thieves Steal 30 Dodge Vehicles With A Laptop And Software Hack
Some people take Grand Theft Auto V a little too seriously, either that or just live that sort of life for real. Houston police officers have just announced that they have arrested two men accused of stealing at least thirty Dodge and Jeep vehicles with a laptop computer and a simple software hack.
Michael Arce has been charged with with felon in possession of a weapon, possession with intent to deliver a controlled substance and unauthorized use of a motor vehicle. His partner in crime Jesse Zelaya has been charged with unauthorized use of a motor vehicle. The police have been watching them for a while, but were unable to catch them in the act until last Friday.
How did Arce and Zelaya do it? They reportedly would hook up their laptop to the vehicles, upload pirated software, turn on the vehicles, and quietly drive away. Chrysler dealerships, repair facilities and locksmiths have access to databases that list the key codes with key fobs that are used to open and start vehicles. The key fob can access network services and other information and it's possible that employees have sold their username and passwords to these databases to criminals.
The criminals then buy generic key fobs, find the vehicle's VIN number, and log onto the database. They can then reprogram the fob key and unlock the vehicle, start it and simply drive off. The actual robbery can take place in as little as six minutes. It is estimated that since November 2015, at least one hundred vehicles have been stolen this way in the Houston-area with thieves then driving across the United States-Mexican border. It is possible that Arce and Zelaya are part of a larger operation. Homeland Security has also gotten involved in the case.
Representatives from Fiat Chrysler remarked, “FCA US takes the safety and security of its customers seriously and incorporates security features in its vehicles that help to reduce the risk of unauthorized and unlawful access to vehicle systems and wireless communications. To date, FCA has NOT been able to identify any employees who may be selling their database access to criminals.”
It's not the first time Jeep vehicles have been proven vulnerable to software hacks. Back in 2015 security researchers remotely hacked Jeep steering and braking systems using the vehicle's UCconnect feature.
Michael Arce has been charged with with felon in possession of a weapon, possession with intent to deliver a controlled substance and unauthorized use of a motor vehicle. His partner in crime Jesse Zelaya has been charged with unauthorized use of a motor vehicle. The police have been watching them for a while, but were unable to catch them in the act until last Friday.
Michael Armando Arce (left) and Jesse Irvin Zelaya (right) - Credit: Houston Police Department
How did Arce and Zelaya do it? They reportedly would hook up their laptop to the vehicles, upload pirated software, turn on the vehicles, and quietly drive away. Chrysler dealerships, repair facilities and locksmiths have access to databases that list the key codes with key fobs that are used to open and start vehicles. The key fob can access network services and other information and it's possible that employees have sold their username and passwords to these databases to criminals.
The criminals then buy generic key fobs, find the vehicle's VIN number, and log onto the database. They can then reprogram the fob key and unlock the vehicle, start it and simply drive off. The actual robbery can take place in as little as six minutes. It is estimated that since November 2015, at least one hundred vehicles have been stolen this way in the Houston-area with thieves then driving across the United States-Mexican border. It is possible that Arce and Zelaya are part of a larger operation. Homeland Security has also gotten involved in the case.
Representatives from Fiat Chrysler remarked, “FCA US takes the safety and security of its customers seriously and incorporates security features in its vehicles that help to reduce the risk of unauthorized and unlawful access to vehicle systems and wireless communications. To date, FCA has NOT been able to identify any employees who may be selling their database access to criminals.”
It's not the first time Jeep vehicles have been proven vulnerable to software hacks. Back in 2015 security researchers remotely hacked Jeep steering and braking systems using the vehicle's UCconnect feature.
