Cars Remotely Disabled by Hacker Foo forum at WebmasterWorld

Welcome to WebmasterWorld Guest from 107.20.129.212
register, login, search, subscribe, help, library, PubCon, announcements, recent posts, open posts,

Subscribe to WebmasterWorld

Home / Forums Index / Local / Foo

Forum Library : Charter : Moderators: incrediBILL & lawman
Foo Forum

Cars Remotely Disabled by Hacker

engine

msg:4100301

12:44 pm on Mar 18, 2010 (gmt 0)

Cars Remotely Disabled by Hacker [wired.com]

More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.

Police with Austin’s High Tech Crime Unit on Wednesday arrested 20-year-old Omar Ramos-Lopez, a former Texas Auto Center employee who was laid off last month, and allegedly sought revenge by bricking the cars sold from the dealership’s four Austin-area lots.

The dealership used a system called Webtech Plus as an alternative to repossessing vehicles that haven’t been paid for.

rocknbil

msg:4100529

5:41 pm on Mar 18, 2010 (gmt 0)

The whole remote control thing is scary, I think. They advertise it as a feature, sold on the cool factor, but it's really just a way to always know where you are at any time. Plant a chip in my head and get it over with already . . .

youfoundjake

msg:4100796

2:04 am on Mar 19, 2010 (gmt 0)

It appears that it was due to a laid off employee which is where quite a bit of malicious activity occurs. Passwords should have been changed. I can understand the company wanting to be able to brick the car for lack of payments, makes sense, no dangers like repo'ing. I would be more alarmed if someone not previously associated with the company was able to accomplish the same task.
I wonder what this will do to sales at the 4 dealerships

bhonda

msg:4100938

11:42 am on Mar 19, 2010 (gmt 0)

Passwords should have been changed

From what I gather, the ex-employee's account was disabled, and he used the account of another employee, whose credentials he knew.

Should their policy be that whenever somebody leaves, all passwords for all users should be changed?

Seems a bit excessive, but I guess in this case would have worked fine!

sonjay

msg:4101086

4:54 pm on Mar 19, 2010 (gmt 0)

The troubles stopped five days later, when Texas Auto Center reset the Webtech Plus passwords for all its employee accounts

Five days it took them to figure out to change all the passwords!

grandpa

msg:4101345

10:58 pm on Mar 19, 2010 (gmt 0)

“Omar was pretty good with computers,” says Garcia.

No he wasn't. He got caught because he was traced by his IP address to his AT&T internet account.

Austin police filed computer intrusion charges against Ramos-Lopez on Tuesday.

Not very good at all, Omar.

Habtom

msg:4101441

7:29 am on Mar 20, 2010 (gmt 0)

Should their policy be that whenever somebody leaves, all passwords for all users should be changed?

If he was in control of user accounts, yes. But what is to consider is here the other employee shouldn't have shared his/her personal credentials.

Global Options:

top

home

open messages

active posts

Home / Forums Index / Local / Foo

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
WebmasterWorld ® and PubCon ® are a Registered Trademarks of Pubcon Inc.
© Pubcon Inc. 1996-2012 all rights reserved

Foo Forum