Mobile app used in Car2go fraud scheme to steal 100 vehicles

Services have been temporarily paused in Chicago to investigate the incident.

Android spyware poses as a privacy tool to steal your data Triout malware is designed for espionage and can spy on almost every aspect of compromised devices - and now it's back with new tactics.

Car2go's mobile application appears to have been central to a fraudulent scheme used to steal as many as 100 high-end vehicles.

As reported by CBS Chicago, the short-term rental car service has temporarily revoked its services in Chicago where the alleged scheme took place.

Users who attempted to access the firm's mobile app to book a car have been met with a notice which says that services are not currently available and the company will "provide an updated as soon as possible."

See also: Remove yourself from the internet, hide your identity, and erase your online presence

CBS reporter Brad Edwards tweeted Wednesday that as many as 100 Mercedes and other high-end cars are missing or have been stolen, and some of these vehicles have been "used in crimes."

In addition, Edwards said that 12 people so far are in custody in relation to the fraud and potentially criminal activity.

screenshot-2019-04-18-at-10-30-57.png

CNET: Lyft reportedly limits employees' access to customer data

Daimler-owned Car2go is keen to emphasize, however, that vulnerabilities or security problems with the mobile app -- which are used to unlock the cars -- are not at fault. In response to a tweet sent out by Automotive News, the car hire firm said:

"We were not hacked. This is an instance of fraud, isolated to Chicago, and we are currently working with law enforcement. None of our member's personal or confidential information has been compromised. No other SHARE NOW North American market has been affected."

A spokesperson told CBS Chicago that "out of an abundance of caution" services have been paused in the city.

The Chicago Police Department has also been notified and is investigating how the vehicles were acquired, some of which have been recovered. Law enforcement is not sure at the present stage whether there are other vehicles involved in the fraud which are unaccounted for. 

TechRepublic: How criminals use fraud guides from the Dark Web to scam organizations and individuals

"At this time the recoveries appear to be isolated to the West Side," the department added. "The investigation is ongoing."

While the ways in which the alleged criminals were able to unlock and steal these vehicles is not yet known, we have seen some interesting methods of compromising smart cars in recent years. 

Among these attack methods are exploiting infotainment systems to run drivers off the road, compromising CAN buses to seize control of brakes, and using Raspberry Pi boards to unlock vehicles. 

Previous and related coverage