Two Houston area thieves are accused of stealing as many as 30 Dodge and Jeep vehicles using a software hack.
Michael Arce was arrested by the Houston Police Department Friday for possession of a weapon, possession with intent to deliver a controlled substance and unauthorized use of a motor vehicle. His accomplice, Jesse Zelaya, was charged with unauthorized use of a motor vehicle.
It’s believed Arce accessed a dealership database of vehicle key fob codes, punched in the VIN of the vehicle he wanted to steal and installed the code in a blank key fob before driving off with the vehicle. A dealership or repair shop employee may have sold their username and password for the database to Arce or an accomplice.
FCA said it was not aware of any of its employees selling their database access info.
“FCA US takes the safety and security of its customers seriously and incorporates security features in its vehicles that help to reduce the risk of unauthorized and unlawful access to vehicle systems and wireless communications,” the automaker said. “To date, FCA has NOT been able to identify any employees who may be selling their database access to criminals.”
since November 2005, over 100 vehicles have been stolen in the Houston area using a similar method to Arce’s. FCA also found itself in the headlines last summer after two cybersecurity experts wirelessly hacked into a 2014 Jeep Cherokee’s electronic systems and disabled its transmission. The experiment forced FCA to recall the vehicles in order to implement a fix.