Cars Remotely Disabled by Hacker

Forum Moderators: open

Message Too Old, No Replies

Cars Remotely Disabled by Hacker

engine

12:44 pm on Mar 18, 2010 (gmt 0)

Cars Remotely Disabled by Hacker [wired.com]

More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.

Police with Austin’s High Tech Crime Unit on Wednesday arrested 20-year-old Omar Ramos-Lopez, a former Texas Auto Center employee who was laid off last month, and allegedly sought revenge by bricking the cars sold from the dealership’s four Austin-area lots.

The dealership used a system called Webtech Plus as an alternative to repossessing vehicles that haven’t been paid for.

rocknbil

5:41 pm on Mar 18, 2010 (gmt 0)

The whole remote control thing is scary, I think. They advertise it as a feature, sold on the cool factor, but it's really just a way to always know where you are at any time. Plant a chip in my head and get it over with already . . .

youfoundjake

2:04 am on Mar 19, 2010 (gmt 0)

It appears that it was due to a laid off employee which is where quite a bit of malicious activity occurs. Passwords should have been changed. I can understand the company wanting to be able to brick the car for lack of payments, makes sense, no dangers like repo'ing. I would be more alarmed if someone not previously associated with the company was able to accomplish the same task.
I wonder what this will do to sales at the 4 dealerships

bhonda

11:42 am on Mar 19, 2010 (gmt 0)

Passwords should have been changed

From what I gather, the ex-employee's account was disabled, and he used the account of another employee, whose credentials he knew.

Should their policy be that whenever somebody leaves, all passwords for all users should be changed?

Seems a bit excessive, but I guess in this case would have worked fine!

sonjay

4:54 pm on Mar 19, 2010 (gmt 0)

The troubles stopped five days later, when Texas Auto Center reset the Webtech Plus passwords for all its employee accounts

Five days it took them to figure out to change all the passwords!

grandpa

10:58 pm on Mar 19, 2010 (gmt 0)

“Omar was pretty good with computers,” says Garcia.

No he wasn't. He got caught because he was traced by his IP address to his AT&T internet account.

Austin police filed computer intrusion charges against Ramos-Lopez on Tuesday.

Not very good at all, Omar.

Habtom

7:29 am on Mar 20, 2010 (gmt 0)

Should their policy be that whenever somebody leaves, all passwords for all users should be changed?

If he was in control of user accounts, yes. But what is to consider is here the other employee shouldn't have shared his/her personal credentials.