It was the all the rage in 2009, and you probably still hear people say it today. Ever since Apple launched their, “There’s an app for that commercial” people have loved saying it, and they’ve had plenty of opportunities because there’s an app for everything today. Sleep machine apps, apps that show a flame on your screen when you flick them, even kids’ toys come with apps today. Why should auto dealers be any different? Unfortunately, one of the most popular apps for auto dealers has vulnerabilities that could make every car they sell vulnerable to hackers.
Last year in Houston, Texas police were on the tail of a car thief who they believed was responsible for more than 100 stolen cars. They soon identified two men who they thought were responsible, but before arresting them the Houston P.D. set up a camera over a car that they suspected the thieves would try to steal. Just as expected, one of the car thieves broke into the car, but what they did next surprised the police. Once inside the car, the thief took out his laptop. In only a few minutes, the thief had the car alarm off, engine on, and drove off. Of course, he was arrested soon after, but the officers were still interested in knowing what he did with his laptop.
DealerCONNECT is a favorite among auto dealers because it offers features that make their lives easier. DealerCONNECT comes with a lot tracker, a fast vehicle health scan, and makes it easy to connect to OBD-II units that allows the dealer to track the car. If everyone was honest, DealerCONNECT would be a perfect app. But these two car thieves found a way to turn it into a tool to steal the very cars it’s meant to help sell and maintain. DealerCONNECT works by connecting to the automaker’s database and making the information there available to the auto dealer. That’s how auto dealers are able to maintain and fix the vehicles they sell, but the thieves were using that information to reprogram the car. The hackers accessed the automaker’s database through the DealerCONNECT app and entered the car’s VIN number. With the information they were given access to they were able to reprogram the car’s computer so that instead of only starting for the owner’s unique key fob it started for their generic fob. Just like that, they were able to drive off with over 100 cars.
Yes, the days of making copies of your car keys are over because cars don’t start on keys anymore. They rely on key fobs that send signals to the ignition, which as shown by the Houston car thieves makes the cars vulnerable. The amount of technology that goes into simply starting the car forces auto dealers to handle cybersecurity every day, and if they aren’t up to the task they could be held liable for the consequences. Although they did not release an official response to the Houston car thieves, soon after their methods were revealed Fiat Chrysler updated its terms of agreement to state that they can do everything from cancel the service to proceed with criminal charges for anyone who shares the key codes to a car from DealerCONNECT.
In our “there’s an app for that culture” no one is safe from cybercrime. Headlines like to focus on international cybercrime, but everyday small time hackers are taking advantage of people who think that cybercrime will never find them. If you’re an auto dealer, make the changes you need to handle the large amount of technology you’ll be handling in the future. Cars are more computer than oil today, how long do you think you can go?