Biker gang arrested, hijacked more than 150 cars Jeep Wrangler

Onboard Diagnostics System port in a Jeep Grand Cherokee



FBI agents detained nine members of the biker gang, which hunted Jeep Wrangler cars using high-tech hacking methods ( video hijacking ). Apparently, the hacking methods were used about the same as those recently arrested Mexicans, who hacked and hijacked more than 100 Jeep Grand Cherokee cars ( video ).



In modern cars, electronics and software make up almost half the cost. Accordingly, the methods of hijacking for these "computers on wheels" are applied technological.



As the authorities explained, the biker gang Dirty 30, a division of the larger gang of Hooligans Motorcycle Gang, was involved in the hijacking. Each of the nine members of the group had their own narrow specialization, and all the hijackings occurred in the same way.



The scheme is as follows. At first, the hijackers recognized the vehicle's identifier - Vehicle Identification Number (VIN). The code was transferred to a gang member who was engaged in the manufacture of keys. He had access to a proprietary database with lost key replacement codes for the Jeep Wrangler. According to the specified VIN, the specialist downloaded two codes from the database. Using the first code, he produced a physical ignition key with a chip for the Jeep Wrangler and, together with the second code, gave it to the members of the gang, who carried out the direct theft.



At the first stage of the hijacking, the attackers broke into the hood and turned off the external light and sound alarms. Then, using a key made, they opened the cabin door, got into the jeep and inserted the ignition key. It was necessary to act very quickly: one of the hackers connected a laptop computer to the Onboard Diagnostics System port in the cabin - and with the help of the second code from the database, I activated the replacement key I received, synchronizing it with the car.



Within several minutes malefactors created the valid key, disconnected the alarm system and left on the car. Soon the car was transferred to another member of the gang - the carrier - who quickly took the car to Mexico, where it was dismantled for parts.





The authorities said they began investigating biker activity when they detained three gang members in early 2015. According to investigators, since 2014, a high-tech gang has managed to steal more than 150 jeeps with a total value of more than $ 4.5 million.



Literally two weeks ago, well-known car hackers Charlie Miller and Chris Valasek laid out their old documents in open access - almost a step-by-step tutorial on hacking Jeep Cherokee, as well as tools and documentation on hacking other cars with a CAN bus. These two specialists have been making reports on car safety for several years. In 2013, after demonstrating the management of the 2010 Toyota Prius and 2010 Ford Escape cars with a laptop and Nintendo gamepad, they presented a detailed report describing the hacking technique and published the program code for the car computer exploit (ECU) using the Controller Area Network (CAN) packet transmission . The results of that experiment are described in the fundamental work “Adventures in Automotive Networks and Control Units” . In 2015, Miller and Valasek demonstrated the hacking of the Jeep Cherokee two years ago with the remote control of some of the vehicle’s functions. After that presentation, the automaker had to withdraw almost 1.5 million cars worldwide to replace the firmware.



One of the main hacker references from Miller and Valasek is the Hacking Cars for the Poor guide. It explains how to make the ECU work outside the car and use the tools described in the previous work to examine the CAN bus messages and launch an attack.



Of course, it’s not at all these yard specialists who are to blame for the fact that hundreds of cars are stolen. Blame automakers who are not attentive to the safety of their "computers on wheels". They are accustomed to paying attention, first of all, to the safety of the driver and passengers during the ride, convenience and functionality - but they do not understand that now completely new requirements are being put forward for the safety of computer systems.



Miller and Valasek explained that they do not have the ability to test each model separately, but for all modern car computers there are certain standard attack vectors that can be used. Hackers did not even mention such banal security measures as reliable storage of a database with backup key codes.



Well, the owners of Jeep Wrangler authorities recommend changing the hood locking system so that it does not open outside the car. Then hackers will not be able to turn off the alarm before hijacking.