Police in Houston have two suspects in custody and believe they used laptop computers to steal and then export more than 100 vehicles.
The arrests were a major break in a case that had stymied authorities, leaving few clues other than a video taken by a security camera set up by the owner of a Jeep that was among the vehicles stolen. Investigators believe the two exploited a weakness in Jeep and Dodge products that allowed them to hack into the vehicles’ electronic ignition systems.
The thefts have highlighted growing concerns about automotive cybersecurity, a threat that has drawn warnings from a variety of authorities, including the FBI, as well as the National Highway Traffic Safety Administration. Experts fear that as automakers load more technology onto their products, tomorrow’s cars will become even more vulnerable to hackers and thieves.
(FBI warns motor vehicles increasingly vulnerable to hacking. For more, Click Here.)
Houston police have so far filed charges against Michael Armando Arce, 24, and Jesse Irvin Zelaya, 22, in relation to the case. They were nabbed when police spotted them trying to steal another Jeep in the city.
“The suspects went out and did the routine we hoped they would,” said Houston Police Department Senior Officer Jim Woods. “They went out to a target rich environment where they had stolen vehicles before.”
When searching the homes of the two suspects, police found electronic gear, keys and other tools believed to be connected to the thefts. They are believed to have stolen 100 or more Jeep Wranglers and Cherokees, as well as Dodge pickups, then driven them to Mexico.
“There’s a possibility they may not be the only ones that are doing this,” Officer Woods said during a news conference. “But right now, we feel that if they are the only ones doing this. With this arrest, we should be able to curb the amount of thefts that have been occurring,”
While the Houston police might have ended the rash of thefts, they may have just uncovered what experts fear will become a growing problem.
A key break in the case occurred when a Jeep Wrangler was stolen near downtown Houston on May 25th. The owner’s security camera showed two men breaking into the vehicle, then one of the thieves opening up a laptop computer. After tapping on the keys for several minutes, the vehicle was driven away.
(Hacked Mitsubishi spotlights cybersecurity concerns. Click Here for the story.)
It is suspected that the thieves accessed a dealer database to allow them to program their own keys to fire up the vehicle’s electronic ignition.
This is, apparently, the latest take on the classic thief’s truck of hotwiring a car. And it serves as warning, experts suggest, that even the most high-tech systems can be defeated. If anything, the flood of new technology going into today’s cars raises serious new concerns.
Modern vehicles are adding a variety of wireless communications systems, such as onboard 4G LTE WiFi hotspots. Even the wireless tire pressure monitoring systems, or TPMS, required on all new vehicles, could give hackers a path into the vehicle, experts warn.
“You’re providing more services and more access,” said Saar Dickman, CEO of the Israeli-based cybersecurity firm, TowerSec. “You want to embrace innovation, but you have to understand the risks that come with it.”
The auto industry is finally taking note, as was made clear during a day-long automotive cybersecurity summit in Detroit last month. That includes Fiat Chrysler Automobiles which recently began offering a “bug bounty,” rewards of up to $1,500 to so-called white hat hackers who can uncover potential software flaws in the maker’s vehicles.
“The idea is to go out to the hacker community itself and ask for help,” explained Casey Ellis, CEO and founder of Bugcrowd, a San Francisco-based hacker collective that is running the bug bounty program for FCA. “Crowdsourcing is very effective when applied to this sort of problem.”
(For more on FCA’s bug bounty program, Click Here.)