FCA moves to lock down security codes

Fiat Chrysler is threatening serious repercussions to anyone who uses its internal DealerCONNECT software and provides outsiders with "key codes, radio codes and other anti-theft or security measures."

The company upgraded its DealerCONNECT terms of use with threats that it could pursue "civil and criminal proceedings" against violators. The updates were made on Thursday, Aug. 25, just weeks after police in Houston arrested two men believed to be part of a vehicle-theft ring. The ring is accused of stealing more than 100 Jeep and Ram vehicles using little more than a laptop computer, an OBD-II plug and software.

The ring targeted Jeep Wranglers and Grand Cherokees as well as Ram pickups, "and then transported them across the U.S.-Mexico border, usually in the overnight hours before vehicle owners were aware they had been stolen," the Houston Police Department said in a press release.

The police investigation began in April when a homeowner showed surveillance video to police of a Wrangler theft from the driveway of a residence near downtown. The video shows the thief accessing the vehicle and then using a laptop for several minutes inside before driving away.

FCA spokesman Berj Alexanian told the Houston Chronicle that thieves entered the vehicle identification number of a target vehicle into an FCA database, which contains the code for that vehicle's key fob. From there, the thief could reprogram the vehicle's security systems to accept a generic key fob, allowing the thief to drive off with the vehicle.

Victor Senties, a spokesman for the Houston Police Department, said the investigation into the ring is still active and that further arrests are likely. The U.S. Department of Homeland Security and the U.S. Immigration and Customs Enforcement are also involved in the investigation, the police department said. 

Investigators declined to say how the thieves obtained access to FCA's VIN database. Senties said that investigators believe no other automaker's products were targeted. 

An FCA spokesman would not comment to Automotive News for this report, and wouldn't say whether the change in the automaker's DealerCONNECT terms of use was directly related to the Houston case.

FCA's amended terms of use for DealerCONNECT contain strong language reminding users that sharing information "may result in irreparable harm to the Company." 

They also warn that FCA may monitor the use of the system "to ensure compliance." And it threatens that strong action could be taken against people who violate the terms: "The Company may terminate access privileges, take disciplinary action up to and including discharge, and institute civil or criminal proceedings for violations of the Company's policies, process guidelines, or behavior guidance." 

Despite the high-tech Houston thefts, those who track stolen vehicles say the vast majority of such crimes are low-tech. 

Frank Scafidi, a spokesman for the National Insurance Crime Bureau, said such "re-keying" thefts are still very rare because most car thieves lack the sophistication to pull off such crimes. 

Scafidi joked, "The kinds of knuckle-draggers that we see stealing cars, I mean, they get into a car with a manual transmission and they're stuck."