Comedy | March 17, 2010 | 33 comments

Hacker Disables More Than 100 Cars Remotely

source: http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/

Image
pjacobs51
More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.

Police with Austin’s High Tech Crime Unit on Wednesday arrested 20-year-old Omar Ramos-Lopez, a former Texas Auto Center employee who was laid off last month, and allegedly sought revenge by bricking the cars sold from the dealership’s four Austin-area lots

“We initially dismissed it as mechanical failure,” says Texas Auto Center manager Martin Garcia. “We started having a rash of up to a hundred customers at one time complaining. Some customers complained of the horns going off in the middle of the night. The only option they had was to remove the battery.”

The dealership used a system called Webtech Plus as an alternative to repossessing vehicles that haven’t been paid for. Operated by Cleveland-based Pay Technologies, the system lets car dealers install a small black box under vehicle dashboards that responds to commands issued through a central website, and relayed over a wireless pager network. The dealer can disable a car’s ignition system, or trigger the horn to begin honking, as a reminder that a payment is due. The system will not stop a running vehicle.

Texas Auto Center began fielding complaints from baffled customers the last week in February, many of whom wound up missing work, calling tow trucks or disconnecting their batteries to stop the honking. The troubles stopped five days later, when Texas Auto Center reset the Webtech Plus passwords for all its employee accounts, says Garcia. Then police obtained access logs from Pay Technologies, and traced the saboteur’s IP address to Ramos-Lopez’s AT&T internet service, according to a police affidavit filed in the case.

Ramos-Lopez’s account had been closed when he was terminated from Texas Auto Center in a workforce reduction last month, but he allegedly got in through another employee’s account, Garcia says. At first, the intruder targeted vehicles by searching on the names of specific customers. Then he discovered he could pull up a database of all 1,100 Auto Center customers whose cars were equipped with the device. He started going down the list in alphabetical order, vandalizing the records, disabling the cars and setting off the horns.

“Omar was pretty good with computers,” says Garcia.

The incident is the first time an intruder has abused the no-start system, according to Jim Krueger, co-owner of Pay Technologies. “It was a fairly straightforward situation,” says Krueger. “He had retained a password, and what happened was he went in and created a little bit of havoc.”


Krueger disputes that the horns were honking in the middle of the night; he says the horn honking can only be activated between 9 a.m. and 9 p.m.

First rolled out about 10 years ago, remote immobilization systems are a controversial answer to delinquent car payments, with critics voicing concerns that debtors could suffer needless humiliation, or find themselves stranded during an emergency. Proponents say the systems let financers extend credit to consumers who might otherwise be ineligible for an auto loan.

Austin police filed computer intrusion charges against Ramos-Lopez on Tuesday.



http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/
  1. groups:
    Community,   News and Politics,   Tech,   Comedy,   6 more
  2. tags:
    Humor Terrorism Cars Computers 5 more
  3.     
    |

33 comments // Hacker Disables More Than 100 Cars Remotely

  • remanns
  • remanns
    • 0
      remanns  

    • Added to F U younger generation and your pussy computer integrated aluminum plastic 4 year disposable cars.................

      HAH>

    • 2 years ago
  • remanns
    • 0
      remanns  

    • (396 eventually traded in for a bored out 350, quicker,........not quite as good on steep grades,....and not the same RAW POWER.)

      BIG toyota hit me at a red light once.
      Fracked him up so he couldn't move on! His fault. Shit. Thought he hit a steel wall.

      I hit a BIG Lincoln in 98,...back end looked BAD,....no injuries,....no tickets writ......they slammed brakes on the way onto highway,.....
      (NO ON BEHIND COULD KNOW) Hurt em----not occupants,....back of Lincoln somewhat the worse for ware)

      Bumper "pushed in",....a bit,...4"?

      It did NOT have 4wD. Drove up hills in "all terrains" WELL!

      god how I loved that chevy.

    • 2 years ago
  • remanns
    • 0
      remanns  

    • Wish I had my 1970 bad ass C20. Rebuilt 4 times. F U HUMMER FULL METAL JACKET TRUCK,..................no chips,....no excuses.,

    • 2 years ago
  • Gordie_Caie
    • 0
      Gordie_Caie  

    • The moral of this story is "was it disclosed to the consumer that the dealership had placed this type of technology inside their vehicle and if this box creates
      a fire or is a hazard, who carries the insurance on it"..?
      I will bet not one customer knew that box was in their vehicle nor was it disclosed to them.

    • 2 years ago
  • remanns
  • slarabee
  • pukemnukem
    • +2
      pukemnukem  
    • slarabee:

      Yeah well apparently googling Sarah Palin to answer her three retarded security questions on her hotmail account makes you a dangerously brilliant hacker according to the media so seeing as this dude just entered in passwords...I guess he is only "pretty good" with computers.

    • 2 years ago
  • hawaiiguy
    • +1
      hawaiiguy  

    • Omar, you would have been more effective if you just concentrated on the car lots, then you would have continued to employ someone to disable the cars on the lots, maybe they would have even hired you back to fix the problem.

    • 2 years ago
  • SalvadoreSouza
  • Progresshiv
  • Elemental226
    • +1
      Elemental226  

    • Hoo boy, just imagine if cars become fully automated? Wouldn't it be just fantastic to know that some jack-ass behind a desk who's having a bad day could send your car flying off the highway at 100 mph? And of course the car companies would LOVE to have that kind of control, and what corporations want, corporations get because of us American Dreamers.

    • 2 years ago
  • pukemnukem
  • daveripkoski
    • +1
      daveripkoski  

    • That's hilarious but crazy at the same time. I guess I wouldn't be so happy if it was my car.... but it's still kinda funny. Certainly never heard of such a thing.

    • 2 years ago
  • Me_vs_Maradona
    • 0
      Me_vs_Maradona  

    • Yeah well wow they can put these in cars? My favorite part of the article had to be the fact that it took the dealership five whole days to think they should reset the employee passwords. I guess all caution goes out the window in Texas.

    • 2 years ago
  • Journal
    • +5
      Journal  

    • I can't believe this type of device is in cars, voluntary or not. If your late on a payment a e-mail will do, you don't immobilize someones transportation. And who opts for this device? your payment is late so your horn beeps, and that help how?

    • 2 years ago
  • deathvoices
  • Window
    • +1
      Window  

    • A company that uses this technology should have been smart enough to know that someone would abuse it at some point. I mean the article even says that he was only going to target a few cars but the program allowed him to hit up a larger pool. They handed him the opportunity. Slap him on the wrist and learn from the lesson.

    • 2 years ago
  • mindcruzer
  • UWAZell
    • +2
      UWAZell  

    • This guy was ignorant, full stop. He should have been well aware that they would be [a] able to track his IP address, and [b] find out who's account the commands were being issued from.

    • 2 years ago
  • Stever_B
    • 0
      Stever_B  

    • It didn't sound like a secret that the web-based devices were installed, so I'm not sure why anyone would think that someone decided they had the "right" to use devices to control the cars, as opposed to the adults that bought the cars agreeing to the device installation.

    • 2 years ago
  • Lieueil
    • +3
      Lieueil  

    • wait ... am I the only one questioning why anyone has any right to use devices to control cars for any reason, especially late payments?

    • 2 years ago
  • NothingIsAbsoluteTruth
  • DeliaTheArtist
    • 0
      DeliaTheArtist  
    • Lieueil:

      Safety reasons come to mind. It's always a slippery slope to encourage the voluntary surrender of rights, but there are a lot less car chases, stolen cars, etc when authority agencies can shut down vehicles remotely.

    • 2 years ago
  • remanns
  • Saladin
    • +4
      Saladin  

    • This the inherent danger in computerizing mechanical things.

      Computers are unreliable devices which are very easily hacked or destroyed.

    • 2 years ago
  • Window
  • Saladin
    • +2
      Saladin  
    • Window:

      Hardly, sometimes it's just the limit of the technology itself.

      Coal can't take you to the moon, for instance.

      Similarly, there just isn't a way to build a computer that's as reliable and safe as a mechanical device. It relies on too many sensitive parts and, is subject to external connection, is easily recoded.

      Although the larger issue here is that dealers are doing this to cars in the first place, it's scary stuff.

    • 2 years ago
  • remanns
  • remanns
more from Comedy:
from the community

top videos