THIEVES GO HIGH-TECH TO STEAL CARS

Police say vehicle electronics co-opted to bypass ignition controls in late-model vehicles

By Jeff Bennett

The Wall Street Journal
July 5, 2016

Police and car insurers say thieves are using laptop computers to hack into late-model cars’ electronic ignitions to steal the vehicles, raising alarms about the auto industry’s greater use of computer controls.

The discovery follows a recent incident in Houston in which a pair of car thieves were caught on camera using a laptop to start a 2010 Jeep Wrangler and steal it from the owner’s driveway. Police say the same method may have been used in the theft of four other late-model Wranglers and Cherokees in the city. None of the vehicles has been recovered.

“If you are going to hot-wire a car, you don’t bring along a laptop,” said Senior Officer James Woods, who has spent 23 years in the Houston Police Department’s auto antitheft unit. “We don’t know what he is exactly doing with the laptop, but my guess is he is tapping into the car’s computer and marrying it with a key he may already have with him so he can start the car.”

The National Insurance Crime Bureau, an insurance-industry group that tracks car thefts across the U.S., said it recently has begun to see police reports that tie thefts of newer-model cars to what it calls “mystery” electronic devices.

“We think it is becoming the new way of stealing cars,” said NICB Vice President Roger Morris. “The public, law enforcement and the manufacturers need to be aware.”

Fiat Chrysler Automobiles NV said it is unaware of any such incidents involving its vehicles. The auto maker said it “takes the safety and security of its customers seriously and incorporates security features in its vehicles that help to reduce the risk of unauthorized and unlawful access to vehicle systems and wireless communications.”

The recent reports highlight the vulnerabilities created as cars become more computerized and advanced technology finds its way into more vehicles. Fiat Chrysler, General Motors Co. and Tesla Motors Inc. have had to alter their car electronics over the last two years after learning their vehicles could be hacked.

Fiat Chrysler last year recalled 1.4 million vehicles to close a software loophole that allowed two hackers to remotely access a 2014 Jeep Cherokee and take control of the vehicle’s engine, air conditioning, radio and windshield wipers.

Startups and auto-parts makers also are getting involved in cyberprotections for cars.

“In an era where we call our cars computers on wheels, it becomes more and more difficult to stop hacking,” said Yoni Heilbronn, vice president of marketing for Israel-based Argus Cyber Security Ltd., a company developing technologies to stop or detect hackers. “What we now need is multiple layers of protection to make the efforts of carrying out a cyberattack very costly and deter hackers from spending the time and effort.”

San Francisco-based Voyomotive LLC is developing a mobile application that when used with a relay switch installed on the car’s engine can prevent hackers with their own electronic key from starting a vehicle. Its technology also will repeatedly relock a car’s doors if they are accessed by a hacker.

This month, U.S. Secretary of Transportation Anthony Foxx is slated to attend an inaugural global automotive cybersecurity summit in Detroit. General Motors Co. Chief Executive Mary Barra and other industry executives are scheduled to speak.

Automotive industry trade groups are working on a blueprint of best practices for safely introducing new technologies. The Auto-Information Sharing and Analysis Center, created by the Alliance of Automobile Manufacturers and the Global Automakers Association, provides a way to share information on cyberthreats and incorporate cybercrime prevention technologies.

In the Houston car theft, a home-security camera captures a man walking to the Jeep and opening the hood. Officer Woods said he suspects the man is cutting the alarm. About 10 minutes later, after a car door is jimmied open, another man enters the Jeep, works on the laptop and then backs the car out of the driveway.

“We still haven't received any tips,” the officer said.

The thief, says the NICB’s Mr. Morris, likely used the laptop to manipulate the car’s computer to recognize a signal sent from an electronic key the thief then used to turn on the ignition. The computer reads the signal and allows the key to turn.

“We have no idea how many cars have been broken into using this method,” Mr. Morris said. “We think it is minuscule in the overall car thefts but it does show these hackers will do anything to stay one step ahead.”