When writing the original story on the hackers, I wasn’t sure how they were actually using their laptops to break into the cars’ ignitions and drive them away. Many of our readers, though, had it all figured out immediately.
And their suspicions were confirmed via a statement from an FCA spokesperson to the Houston Chronicle. That statement, Automotive News says, includes a description to the Texas newspaper of how the thefts were orchestrated using Chrysler’s internal dealer software, DealerCONNECT:
…thieves entered the vehicle identification number of a target vehicle into an FCA database, which contains the code for that vehicle’s key fob. From there, the thief could reprogram the vehicle’s security systems to accept a generic key fob, allowing the thief to drive off with the vehicle.
The new agreement tells dealerships that sharing “key codes, radio codes and other anti-theft or security measures” could have severe ramifications. It reads:
The Company may terminate access privileges, take disciplinary action up to and including discharge, and institute civil or criminal proceedings for violations of the Company’s policies, process guidelines or behavior guidance.
Automotive News writes that the Houston Police Department thinks the two men they caught were part of a ring of car thieves targeting Jeep Wranglers, Grand Cherokees and Rams pickups. The Houston PD also postulates that the ring has stolen over 100 cars, with intentions to “[transport] them across the U.S.-Mexico border, usually in the overnight hours before vehicle owners were aware they had been stolen.”
So, while initially, these thefts appeared to be sophisticated “hacks” using laptops and brilliant software nerds, based on Fiat Chrysler’s statement to the Houston Chronicle on how these guys just used dealership “re-keying” software, this all seems to be rather straightforward.
Still, it’s a reminder that dealerships have a lot of power and information that, if in the wrong hands, could send your car to a back alley in Tijuana.