Biker gang arrested, hijacked more than 150 cars Jeep Wrangler

Onboard Diagnostics System Port in a Jeep Grand Cherokee Car The
FBI agents detained nine members of a biker gang that hijacked a Jeep Wrangler using high-tech hacking techniques ( video hijacking ). Apparently, the hacking methods were used about the same as those of recently arrested Mexicans, who hacked and hijacked more than 100 Jeep Grand Cherokee cars ( video ).
In modern cars, electronics and software make up almost half the cost. Accordingly, the methods of hijacking for these "computers on wheels" are applied technological.
As explained by the authorities, the biker gang Dirty 30, a division of the larger gang of Hooligans Motorcycle Gang, was involved in the hijacking. Each of the nine members of the group had its own narrow specialization, and all the hijackings occurred in the same way.
The scheme is as follows. First, the hijackers recognized the vehicle's specific identifier — Vehicle Identification Number (VIN). The code was transferred to a gang member who was engaged in the manufacture of keys. He had access to a proprietary database with lost key replacement codes for the Jeep Wrangler. According to the specified VIN, the specialist downloaded two codes from the database. Using the first code, he produced a physical ignition key with a chip for the Jeep Wrangler and, together with the second code, transferred it to the gang members, who carried out the hijacking directly.
At the first stage of the hijacking, the attackers broke the hood and turned off the external light and sound alarms. Then, using a key made, they opened the cabin door, got into the jeep and inserted the ignition key. It was necessary to act very quickly: one of the hackers connected a laptop computer to the Onboard Diagnostics System port in the cabin - and with the help of the second code from the database I activated the replacement key I received, synchronizing it with the car.
Within several minutes malefactors created the valid key, disconnected the alarm system and left on the car. Soon the car was transferred to another member of the gang - the carrier - who quickly took the car to Mexico, where it was dismantled for parts.
The authorities said they began investigating biker activity when they detained three gang members in early 2015. According to investigators, since 2014, a high-tech gang managed to kidnap more than 150 jeeps worth more than $ 4.5 million.
Just two weeks ago, well-known car hackers Charlie Miller and Chris Valasek (Chris Valasek) laid out in open accessYour old documents are practically a step-by-step tutorial on cracking a Jeep Cherokee, as well as tools and documentation on cracking other cars with a CAN bus. These two specialists have been making reports on car safety for several years. In 2013, after demonstrating the management of the 2010 Toyota Prius and 2010 Ford Escape cars from a laptop and Nintendo gamepad, they presented a detailed report describing the hacking technique and published the program code for the car computer exploit (ECU) using the Controller Area Network (CAN) packet transmission . The results of that experiment are described in the fundamental work “Adventures in Automotive Networks and Control Units”. In 2015, Miller and Valasek demonstrated the hacking of the Jeep Cherokee two years ago with remote control of some of the vehicle’s functions. After that presentation, the automaker had to withdraw almost 1.5 million cars worldwide to replace the firmware.
One of the main hacker references from Miller and Valasek is the Hacking Cars for the Poor guide . It explains how to make the ECU work outside the car and use the tools described in the previous work to examine the CAN bus messages and launch an attack.
Of course, it’s not at all these specialists' yard that the cars are stolen in the hundreds are to blame. Blame automakers who are not attentive to the safety of their "computers on wheels." They are accustomed to paying attention, first of all, to driver and passenger safety while driving, convenience and functionality - but they do not understand that now completely new requirements are being put forward for the safety of computer systems.
Miller and Valasek have explained that they have no way to check each model separately, but for all modern car computers there are certain standard attack vectors that can be used. Hackers did not even mention such banal security measures as reliable storage of a database with backup key codes.
Well, the authorities recommend that owners of Jeep Wrangler change the hood locking system so that it does not open outside the car. Then hackers will not be able to turn off the alarm before hijacking.