Police and car insurers say thieves are using laptop computers to hack into late-model cars’ electronic ignitions to steal the vehicles, raising alarms about the auto industry’s greater use of computer controls.
The discovery follows a recent incident in Houston in which a pair of car thieves were caught on camera using a laptop to start a 2010 Jeep Wrangler and steal it from the owner’s driveway. Police say the same method may have been used in the theft of four other late-model Wranglers and Cherokees in the city. None of the vehicles has been recovered.
“If you are going to hot-wire a car, you don’t bring along a laptop,” said Senior Officer James Woods, who has spent 23 years in the Houston Police Department’s auto antitheft unit. “We don’t know what he is exactly doing with the laptop, but my guess is he is tapping into the car’s computer and marrying it with a key he may already have with him so he can start the car.”
The National Insurance Crime Bureau, an insurance-industry group that tracks car thefts across the U.S., said it recently has begun to see police reports that tie thefts of newer-model cars to what it calls “mystery” electronic devices.
“We think it is becoming the new way of stealing cars,” said NICB Vice President Roger Morris. “The public, law enforcement and the manufacturers need to be aware.”
A homeowner’s security-camera video shows thieves in Houston using a laptop to thwart electronic-ignition control and start a 2010 Jeep Wrangler and drive away.
Fiat Chrysler Automobiles NV said it “takes the safety and security of its customers seriously and incorporates security features in its vehicles that help to reduce the risk of unauthorized and unlawful access to vehicle systems and wireless communications.”
On Wednesday, a Fiat Chrysler official said he believes the Houston thieves “are using dealer tools to marry another key fob to the car.”
Titus Melnyk, the auto maker’s senior manager of security architecture for North America, said an individual with access to a dealer website may have sold the information to a thief. The thief will enter the vehicle identification number on the site and receive a code. The code is entered into the car’s computer triggering the acceptance of the new key.
The recent reports highlight the vulnerabilities created as cars become more computerized and advanced technology finds its way into more vehicles. Fiat Chrysler, General Motors Co. and Tesla Motors Inc. have had to alter their car electronics over the last two years after learning their vehicles could be hacked.
Fiat Chrysler last year recalled 1.4 million vehicles to close a software loophole that allowed two hackers to remotely access a 2014 Jeep Cherokee and take control of the vehicle’s engine, air conditioning, radio and windshield wipers.
Startups and auto-parts makers also are getting involved in cyberprotections for cars.
“In an era where we call our cars computers on wheels, it becomes more and more difficult to stop hacking,” said Yoni Heilbronn, vice president of marketing for Israel-based Argus Cyber Security Ltd., a company developing technologies to stop or detect hackers. “What we now need is multiple layers of protection to make the efforts of carrying out a cyberattack very costly and deter hackers from spending the time and effort.”
San Francisco-based Voyomotive LLC is developing a mobile application that when used with a relay switch installed on the car’s engine can prevent hackers with their own electronic key from starting a vehicle. Its technology also will repeatedly relock a car’s doors if they are accessed by a hacker.
This month, U.S. Secretary of Transportation Anthony Foxx is slated to attend an inaugural global automotive cybersecurity summit in Detroit. General Motors Co. Chief Executive Mary Barra and other industry executives are scheduled to speak.
Automotive industry trade groups are working on a blueprint of best practices for safely introducing new technologies. The Auto-Information Sharing and Analysis Center, created by the Alliance of Automobile Manufacturers and the Global Automakers Association, provides a way to share information on cyberthreats and incorporate cybercrime prevention technologies.
‘We have no idea how many cars have been broken into using this method…’
—Roger Morris, National Insurance Crime Bureau
In the Houston car theft, a home-security camera captures a man walking to the Jeep and opening the hood. Officer Woods said he suspects the man is cutting the alarm. About 10 minutes later, after a car door is jimmied open, another man enters the Jeep, works on the laptop and then backs the car out of the driveway.
“We still haven’t received any tips,” the officer said.
The thief, says the NICB’s Mr. Morris, likely used the laptop to manipulate the car’s computer to recognize a signal sent from an electronic key the thief then used to turn on the ignition. The computer reads the signal and allows the key to turn.
“We have no idea how many cars have been broken into using this method,” Mr. Morris said. “We think it is minuscule in the overall car thefts but it does show these hackers will do anything to stay one step ahead.”
Write to Jeff Bennett at firstname.lastname@example.org
Car hacking is the future – and sooner or later you’ll be hit
Security is finally being taken seriously but the fact that we are increasingly entrusting our lives to self-driving cars creates unease
By Alex Hern
Sunday 28 August 2016 10.56 EDT
“Car companies are finally realising that what they sell is just a big computer you sit in,” says Kevin Tighe, a senior systems engineer at the security testing firm Bugcrowd.
It’s meant to be a reassuring statement: proof that the world’s major vehicle manufacturers are finally coming to terms with their responsibilities to customers, and taking the security of vehicles seriously.
But given where Tighe and I are talking, it’s hard not to be slightly uneasy about the idea that it’s normal to sit inside a massive computer and trust it with your life. We’re meeting at Defcon, the world’s largest hacking conference, just outside the “car-hacking village”, a recent addition to the convention’s lineup, where enthusiasts meet to trade tips on how to mess about with those same computers for fun and profit.
Read the rest:
Tags: Argus Cyber Security, auto industry, Bugcrowd, bypass ignition controls, car hacking, car theft, computers to hack into late-model cars, cyberprotections, cybersecurity, hackers, hacking, homeowner’s security-cameras, Kevin Tighe, keyless cars, National Insurance Crime Bureau, NICB, self driving cars, U.S. Secretary of Transportation Anthony Foxx, Voyomotive, wirelessly take over a car